5.1. Security Overview¶
This section provides an overview of Cobbler’s security model for the Web UI.
5.1.1. Why Customizable Security?¶
See also Web Interface.
When manipulating cobbler remotely, either through the Web UI or the XMLRPC interface, different classes of users want different authentication systems and different workflows. It would be wrong for Cobbler to enforce any specific workflow on someone moving to Cobbler from their current systems, as it would limit where Cobbler can be deployed. So what Cobbler does is make authentication and authorization extremely pluggable, while still shipping with some very reasonable defaults.
The center of all of this revolves around a few settings in
/etc/cobbler/modules.conf, for example:
[authentication] module = authn_configfile [authorization] module = authn_allowall
The list of choices for each option is covered in depth at the links below.