7.1.7.1.1. cobbler.modules.authentication package

7.1.7.1.1.1. Submodules

7.1.7.1.1.2. cobbler.modules.authentication.configfile module

Authentication module that uses /etc/cobbler/auth.conf Choice of authentication module is in /etc/cobbler/modules.conf

cobbler.modules.authentication.configfile.authenticate(api_handle: CobblerAPI, username: str, password: str) bool[source]

Validate a username/password combo.

Thanks to https://trac.edgewall.org/ticket/845 for supplying the algorithm info.

Parameters:

  • api_handle – Unused in this implementation.

  • username – The username to log in with. Must be contained in /etc/cobbler/users.digest

  • password – The password to log in with. Must be contained hashed in /etc/cobbler/users.digest

Returns:

A boolean which contains the information if the username/password combination is correct.

cobbler.modules.authentication.configfile.hashfun(api: CobblerAPI, text: str) str[source]

Converts a str object to a hash which was configured in modules.conf of the Cobbler settings.

Parameters:

  • api – CobblerAPI

  • text – The text to hash.

Returns:

The hash of the text. This should output the same hash when entered the same text.

cobbler.modules.authentication.configfile.register() str[source]

The mandatory Cobbler module registration hook.

7.1.7.1.1.3. cobbler.modules.authentication.denyall module

Authentication module that denies everything. Used to disable the WebUI by default.

cobbler.modules.authentication.denyall.authenticate(api_handle: CobblerAPI, username: str, password: str) bool[source]

Validate a username/password combo, always returning false.

Returns:

False

cobbler.modules.authentication.denyall.register() str[source]

The mandatory Cobbler module registration hook.

7.1.7.1.1.4. cobbler.modules.authentication.ldap module

Authentication module that uses ldap Settings in /etc/cobbler/authn_ldap.conf Choice of authentication module is in /etc/cobbler/modules.conf

cobbler.modules.authentication.ldap.authenticate(api_handle: CobblerAPI, username: str, password: str) bool[source]

Validate an LDAP bind, returning whether the authentication was successful or not.

Parameters:

  • api_handle – The api instance to resolve settings.

  • username – The username to authenticate.

  • password – The password to authenticate.

Returns:

True if the ldap server authentication was a success, otherwise false.

Raises:

CX – Raised in case the LDAP search bind credentials are missing in the settings.

cobbler.modules.authentication.ldap.register() str[source]

The mandatory Cobbler module registration hook.

Returns:

Always “authn”

7.1.7.1.1.5. cobbler.modules.authentication.pam module

Authentication module that uses /etc/cobbler/auth.conf Choice of authentication module is in /etc/cobbler/modules.conf

PAM python code based on the pam_python code created by Chris AtLee: https://atlee.ca/software/pam/

#———————————————– pam_python (c) 2007 Chris AtLee <chris@atlee.ca> Licensed under the MIT license: https://www.opensource.org/licenses/mit-license.php

PAM module for python

Provides an authenticate function that will allow the caller to authenticate a user against the Pluggable Authentication Modules (PAM) on the system.

Implemented using ctypes, so no compilation is necessary.

class cobbler.modules.authentication.pam.PamConv[source]

Bases: Structure

wrapper class for pam_conv structure

appdata_ptr

Structure/Union member

conv

Structure/Union member

class cobbler.modules.authentication.pam.PamHandle[source]

Bases: Structure

wrapper class for pam_handle_t

handle

Structure/Union member

class cobbler.modules.authentication.pam.PamMessage[source]

Bases: Structure

wrapper class for pam_message structure

msg

Structure/Union member

msg_style

Structure/Union member

class cobbler.modules.authentication.pam.PamResponse[source]

Bases: Structure

wrapper class for pam_response structure

resp

Structure/Union member

resp_retcode

Structure/Union member

cobbler.modules.authentication.pam.authenticate(api_handle: CobblerAPI, username: str, password: str) bool[source]

Validate PAM authentication, returning whether the authentication was successful or not.

Parameters:

  • api_handle – Used for resolving the pam service name and getting the Logger.

  • username – The username to log in with.

  • password – The password to log in with.

Returns:

True if the given username and password authenticate for the given service. Otherwise False

cobbler.modules.authentication.pam.register() str[source]

The mandatory Cobbler module registration hook.

7.1.7.1.1.6. cobbler.modules.authentication.passthru module

Authentication module that defers to Apache and trusts what Apache trusts.

cobbler.modules.authentication.passthru.authenticate(api_handle: CobblerAPI, username: str, password: str) bool[source]

Validate a username/password combo. Uses cobbler_auth_helper

Parameters:

  • api_handle – This parameter is not used currently.

  • username – This parameter is not used currently.

  • password – This should be the internal Cobbler secret.

Returns:

True if the password is the secret, otherwise false.

cobbler.modules.authentication.passthru.register() str[source]

The mandatory Cobbler module registration hook.

Returns:

Always “authn”

7.1.7.1.1.7. cobbler.modules.authentication.spacewalk module

Authentication module that uses Spacewalk’s auth system. Any org_admin or kickstart_admin can get in.

cobbler.modules.authentication.spacewalk.authenticate(api_handle: CobblerAPI, username: str, password: str) bool[source]

Validate a username/password combo. This will pass the username and password back to Spacewalk to see if this authentication request is valid.

See also: https://github.com/uyuni-project/uyuni/blob/c9b7285117822af96c223cb0b6e0ae96ec7f0837/java/code/src/com/redhat/rhn/frontend/xmlrpc/auth/AuthHandler.java#L107

Parameters:

  • api_handle – The api instance to retrieve settings of.

  • username – The username to authenticate against spacewalk/uyuni/SUSE Manager

  • password – The password to authenticate against spacewalk/uyuni/SUSE Manager

Returns:

True if it succeeded, False otherwise.

Raises:

CX – Raised in case api_handle is missing.

cobbler.modules.authentication.spacewalk.register() str[source]

The mandatory Cobbler module registration hook.

7.1.7.1.1.8. Module contents

This module represents all Cobbler methods of authentication. All present modules may be used through the configuration file modules.conf normally found at /etc/cobbler/.

In the following the specification of an authentication module is given:

  1. The name of the only public method - except the generic register() method - must be authenticate

  2. The attributes are - in exactly this order: api_handle, username, password

  3. The username and password both must be of type str.

  4. The api_handle must be the main CobblerAPI instance.

  5. The return value of the module must be a bool.

  6. The method should only return True in case the authentication is successful.

  7. Errors should result in the return of False and a log message to the standard Python logger obtioned via logging.getLogger().

  8. The return value of register() must be authn.

The list of currently known authentication modules is:

  • authentication.configfile

  • authentication.denyall

  • authentication.ldap

  • authentication.pam

  • authentication.passthru

  • authentication.spacewalk