8.1.4.1.1. cobbler.modules.authentication package
8.1.4.1.1.1. Submodules
8.1.4.1.1.2. cobbler.modules.authentication.configfile module
Authentication module that uses /etc/cobbler/auth.conf Choice of authentication module is in /etc/cobbler/modules.conf
- cobbler.modules.authentication.configfile.authenticate(api_handle: CobblerAPI, username: str, password: str) bool [source]
Validate a username/password combo.
Thanks to https://trac.edgewall.org/ticket/845 for supplying the algorithm info.
- Parameters
api_handle – Unused in this implementation.
username – The username to log in with. Must be contained in /etc/cobbler/users.digest
password – The password to log in with. Must be contained hashed in /etc/cobbler/users.digest
- Returns
A boolean which contains the information if the username/password combination is correct.
- cobbler.modules.authentication.configfile.hashfun(api: CobblerAPI, text: str) str [source]
Converts a str object to a hash which was configured in modules.conf of the Cobbler settings.
- Parameters
api – CobblerAPI
text – The text to hash.
- Returns
The hash of the text. This should output the same hash when entered the same text.
8.1.4.1.1.3. cobbler.modules.authentication.denyall module
Authentication module that denies everything. Used to disable the WebUI by default.
8.1.4.1.1.4. cobbler.modules.authentication.ldap module
Authentication module that uses ldap Settings in /etc/cobbler/authn_ldap.conf Choice of authentication module is in /etc/cobbler/modules.conf
- cobbler.modules.authentication.ldap.authenticate(api_handle: CobblerAPI, username: str, password: str) bool [source]
Validate an LDAP bind, returning whether the authentication was successful or not.
- Parameters
api_handle – The api instance to resolve settings.
username – The username to authenticate.
password – The password to authenticate.
- Returns
True if the ldap server authentication was a success, otherwise false.
- Raises
CX – Raised in case the LDAP search bind credentials are missing in the settings.
8.1.4.1.1.5. cobbler.modules.authentication.pam module
Authentication module that uses /etc/cobbler/auth.conf Choice of authentication module is in /etc/cobbler/modules.conf
PAM python code based on the pam_python code created by Chris AtLee: https://atlee.ca/software/pam/
#———————————————– pam_python (c) 2007 Chris AtLee <chris@atlee.ca> Licensed under the MIT license: https://www.opensource.org/licenses/mit-license.php
PAM module for python
Provides an authenticate function that will allow the caller to authenticate a user against the Pluggable Authentication Modules (PAM) on the system.
Implemented using ctypes, so no compilation is necessary.
- class cobbler.modules.authentication.pam.PamConv[source]
Bases:
Structure
wrapper class for pam_conv structure
- appdata_ptr
Structure/Union member
- conv
Structure/Union member
- class cobbler.modules.authentication.pam.PamHandle[source]
Bases:
Structure
wrapper class for pam_handle_t
- handle
Structure/Union member
- class cobbler.modules.authentication.pam.PamMessage[source]
Bases:
Structure
wrapper class for pam_message structure
- msg
Structure/Union member
- msg_style
Structure/Union member
- class cobbler.modules.authentication.pam.PamResponse[source]
Bases:
Structure
wrapper class for pam_response structure
- resp
Structure/Union member
- resp_retcode
Structure/Union member
- cobbler.modules.authentication.pam.authenticate(api_handle: CobblerAPI, username: str, password: str) bool [source]
Validate PAM authentication, returning whether the authentication was successful or not.
- Parameters
api_handle – Used for resolving the pam service name and getting the Logger.
username – The username to log in with.
password – The password to log in with.
- Returns
True if the given username and password authenticate for the given service. Otherwise False
8.1.4.1.1.6. cobbler.modules.authentication.passthru module
Authentication module that defers to Apache and trusts what Apache trusts.
- cobbler.modules.authentication.passthru.authenticate(api_handle: CobblerAPI, username: str, password: str) bool [source]
Validate a username/password combo. Uses cobbler_auth_helper
- Parameters
api_handle – This parameter is not used currently.
username – This parameter is not used currently.
password – This should be the internal Cobbler secret.
- Returns
True if the password is the secret, otherwise false.
8.1.4.1.1.7. cobbler.modules.authentication.spacewalk module
Authentication module that uses Spacewalk’s auth system. Any org_admin or kickstart_admin can get in.
- cobbler.modules.authentication.spacewalk.authenticate(api_handle: CobblerAPI, username: str, password: str) bool [source]
Validate a username/password combo. This will pass the username and password back to Spacewalk to see if this authentication request is valid.
- Parameters
api_handle – The api instance to retrieve settings of.
username – The username to authenticate against spacewalk/uyuni/SUSE Manager
password – The password to authenticate against spacewalk/uyuni/SUSE Manager
- Returns
True if it succeeded, False otherwise.
- Raises
CX – Raised in case
api_handle
is missing.
8.1.4.1.1.8. Module contents
This module represents all Cobbler methods of authentication. All present modules may be used through the configuration
file modules.conf
normally found at /etc/cobbler/
.
In the following the specification of an authentication module is given:
The name of the only public method - except the generic
register()
method - must beauthenticate
The attributes are - in exactly this order:
api_handle
,username
,password
The username and password both must be of type
str
.The
api_handle
must be the mainCobblerAPI
instance.The return value of the module must be a
bool
.The method should only return
True
in case the authentication is successful.Errors should result in the return of
False
and a log message to the standard Python logger obtioned vialogging.getLogger()
.The return value of
register()
must beauthn
.
The list of currently known authentication modules is:
authentication.configfile
authentication.denyall
authentication.ldap
authentication.pam
authentication.passthru
authentication.spacewalk