5.1. Security Overview¶

This section provides an overview of Cobbler’s security model for the Web UI.

5.1.1. Why Customizable Security?¶

When manipulating cobbler remotely, either through the Web UI or the XMLRPC interface, different classes of users want different authentication systems and different workflows. It would be wrong for Cobbler to enforce any specific workflow on someone moving to Cobbler from their current systems, as it would limit where Cobbler can be deployed. So what Cobbler does is make authentication and authorization extremely pluggable, while still shipping with some very reasonable defaults.

The center of all of this revolves around a few settings in /etc/cobbler/modules.conf, for example:

[authentication]
module = authn_configfile

[authorization]
module = authn_allowall

The list of choices for each option is covered in depth at the links below.

5.1.2. Authentication¶

The authentication setting determines what external source users are checked against to see if their passwords are valid.

See Web Authentication.

The default setting is to deny XMLRPC access, so all users wanting remote/web access will need to pick their authentication mode.

5.1.3. Authorization¶

The authorization setting determines, for a user that has already passed authentication stages, what resources they have access to in Cobbler.

See Web Authorization.

The default is to authorize all users that have cleared the authentication stage.