9.1.4.1.1. cobbler.modules.authentication package
9.1.4.1.1.1. Submodules
9.1.4.1.1.2. cobbler.modules.authentication.configfile module
Authentication module that uses /etc/cobbler/auth.conf Choice of authentication module is in /etc/cobbler/modules.conf
- cobbler.modules.authentication.configfile.authenticate(api_handle, username: str, password: str) bool [source]
Validate a username/password combo.
Thanks to http://trac.edgewall.org/ticket/845 for supplying the algorithm info.
- Parameters:
api_handle – Unused in this implementation.
username – The username to log in with. Must be contained in /etc/cobbler/users.digest
password – The password to log in with. Must be contained hashed in /etc/cobbler/users.digest
- Returns:
A boolean which contains the information if the username/password combination is correct.
9.1.4.1.1.3. cobbler.modules.authentication.denyall module
Authentication module that denies everything. Used to disable the WebUI by default.
- cobbler.modules.authentication.denyall.authenticate(api_handle, username, password) bool [source]
Validate a username/password combo, returning True/False
Thanks to http://trac.edgewall.org/ticket/845 for supplying the algorithm info.
9.1.4.1.1.4. cobbler.modules.authentication.ldap module
Authentication module that uses ldap Settings in /etc/cobbler/authn_ldap.conf Choice of authentication module is in /etc/cobbler/modules.conf
- cobbler.modules.authentication.ldap.authenticate(api_handle, username, password) bool [source]
Validate an LDAP bind, returning whether the authentication was successful or not.
- Parameters:
api_handle – The api instance to resolve settings.
username – The username to authenticate.
password – The password to authenticate.
- Returns:
True if the ldap server authentication was a success, otherwise false.
- Raises:
CX – Raised in case the LDAP search bind credentials are missing in the settings.
9.1.4.1.1.5. cobbler.modules.authentication.pam module
Authentication module that uses /etc/cobbler/auth.conf Choice of authentication module is in /etc/cobbler/modules.conf
PAM python code based on the pam_python code created by Chris AtLee: http://atlee.ca/software/pam/
#———————————————– pam_python (c) 2007 Chris AtLee <chris@atlee.ca> Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
PAM module for python
Provides an authenticate function that will allow the caller to authenticate a user against the Pluggable Authentication Modules (PAM) on the system.
Implemented using ctypes, so no compilation is necessary.
- class cobbler.modules.authentication.pam.PamConv[source]
Bases:
Structure
wrapper class for pam_conv structure
- appdata_ptr
Structure/Union member
- conv
Structure/Union member
- class cobbler.modules.authentication.pam.PamHandle[source]
Bases:
Structure
wrapper class for pam_handle_t
- handle
Structure/Union member
- class cobbler.modules.authentication.pam.PamMessage[source]
Bases:
Structure
wrapper class for pam_message structure
- msg
Structure/Union member
- msg_style
Structure/Union member
- class cobbler.modules.authentication.pam.PamResponse[source]
Bases:
Structure
wrapper class for pam_response structure
- resp
Structure/Union member
- resp_retcode
Structure/Union member
- cobbler.modules.authentication.pam.authenticate(api_handle, username: str, password: str) bool [source]
Validate PAM authentication, returning whether the authentication was successful or not.
- Parameters:
api_handle – Used for resolving the the pam service name and getting the Logger.
username – The username to log in with.
password – The password to log in with.
- Returns:
True if the given username and password authenticate for the given service. Otherwise False
9.1.4.1.1.6. cobbler.modules.authentication.passthru module
Authentication module that defers to Apache and trusts what Apache trusts.
- cobbler.modules.authentication.passthru.authenticate(api_handle, username, password) bool [source]
Validate a username/password combo. Uses cobbler_auth_helper
- Parameters:
api_handle – This parameter is not used currently.
username – This parameter is not used currently.
password – This should be the internal Cobbler secret.
- Returns:
True if the password is the secret, otherwise false.
9.1.4.1.1.7. cobbler.modules.authentication.spacewalk module
Authentication module that uses Spacewalk’s auth system. Any org_admin or kickstart_admin can get in.
- cobbler.modules.authentication.spacewalk.authenticate(api_handle, username: str, password: str) bool [source]
Validate a username/password combo. This will pass the username and password back to Spacewalk to see if this authentication request is valid.
- Parameters:
api_handle – The api instance to retrieve settings of.
username – The username to authenticate against spacewalk/uyuni/SUSE Manager
password – The password to authenticate against spacewalk/uyuni/SUSE Manager
- Returns:
True if it succeeded, False otherwise.
- Raises:
CX – Raised in case
api_handle
is missing.
9.1.4.1.1.8. Module contents
This module represents all Cobbler methods of authentication. All present modules may be used through the configuration
file modules.conf
normally found at /etc/cobbler/
.
In the following the specification of an authentication module is given:
The name of the only public method - except the generic
register()
method - must beauthenticate
The attributes are - in exactly this order:
api_handle
,username
,password
The username and password both must be of type
str
.The
api_handle
must be the mainCobblerAPI
instance.The return value of the module must be a
bool
.The method should only return
True
in case the authentication is successful.Errors should result in the return of
False
and a log message to the standard Python logger obtioned vialogging.getLogger()
.The return value of
register()
must beauthn
.
The list of currently known authentication modules is:
authentication.configfile
authentication.denyall
authentication.ldap
authentication.pam
authentication.passthru
authentication.spacewalk