diff options
| -rw-r--r-- | CHANGELOG | 2 | ||||
| -rw-r--r-- | cobbler/action_import.py | 3 | ||||
| -rw-r--r-- | cobbler/modules/authn_denyall.py | 43 | ||||
| -rw-r--r-- | config/modules.conf | 2 | ||||
| -rw-r--r-- | config/settings | 2 |
5 files changed, 48 insertions, 4 deletions
@@ -22,6 +22,8 @@ Cobbler CHANGELOG - support for kerberos authentication - revamped pre/post install triggers system (triggered via cgi from kickstart wget) - logrotate should not send emails to root when restarting services +- default core (but not repo add) repos to priority 1 (lowest) if using priorities plugin +- change default authentication to deny_all, xmlrpc_rw_enabled now on by default - ??? - 0.8.3 - Make createrepo get run for local cobbler reposync invocations as needed diff --git a/cobbler/action_import.py b/cobbler/action_import.py index 377b122..2e70c80 100644 --- a/cobbler/action_import.py +++ b/cobbler/action_import.py @@ -458,8 +458,7 @@ class Importer: config_file.write("baseurl=http://@@http_server@@/cobbler/ks_mirror/%s\n" % (urlseg)) config_file.write("enabled=1\n") config_file.write("gpgcheck=0\n") - # NOTE: yum priority defaults to 99 if that plugin is enabled - # so don't need to add priority=99 here + config_file.write("priority=1\n") config_file.close() # don't run creatrepo twice -- this can happen easily for Xen and PXE, when diff --git a/cobbler/modules/authn_denyall.py b/cobbler/modules/authn_denyall.py new file mode 100644 index 0000000..91e27d4 --- /dev/null +++ b/cobbler/modules/authn_denyall.py @@ -0,0 +1,43 @@ +""" +Authentication module that denies everything. +Used to disable the WebUI by default. + +Copyright 2007-2008, Red Hat, Inc +Michael DeHaan <mdehaan@redhat.com> + +This software may be freely redistributed under the terms of the GNU +general public license. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +""" + +import distutils.sysconfig +import sys + +plib = distutils.sysconfig.get_python_lib() +mod_path="%s/cobbler" % plib +sys.path.insert(0, mod_path) + + +def register(): + """ + The mandatory cobbler module registration hook. + """ + return "authn" + +def authenticate(api_handle,username,password): + """ + Validate a username/password combo, returning True/False + + Thanks to http://trac.edgewall.org/ticket/845 for supplying + the algorithm info. + """ + + # debugging only (not safe to enable) + # api_handle.logger.debug("backend authenticate (%s,%s)" % (username,password)) + + return False + + diff --git a/config/modules.conf b/config/modules.conf index 2daf0e4..88aa134 100644 --- a/config/modules.conf +++ b/config/modules.conf @@ -6,7 +6,7 @@ system = serializer_yaml repo = serializer_yaml [authentication] -module = authn_configfile +module = authn_denyall [authorization] module = authz_allowall diff --git a/config/settings b/config/settings index 33eb4b1..fc6739a 100644 --- a/config/settings +++ b/config/settings @@ -43,7 +43,7 @@ tftpd_bin: /usr/sbin/in.tftpd tftpd_conf: /etc/xinetd.d/tftp webdir: /var/www/cobbler xmlrpc_port: 25151 -xmlrpc_rw_enabled: 0 +xmlrpc_rw_enabled: 1 xmlrpc_rw_port: 25152 yum_post_install_mirror: 0 yumdownloader_flags: "--resolve" |