Jira (PDB-3502) Extend authentication mechanism of puppet client tools

2 views
Skip to first unread message

Remi Ferrand (JIRA)

unread,
May 5, 2017, 9:42:02 AM5/5/17
to puppe...@googlegroups.com
Remi Ferrand created an issue
 
PuppetDB / New Feature PDB-3502
Extend authentication mechanism of puppet client tools
Issue Type: New Feature New Feature
Assignee: Unassigned
Components: PuppetDB
Created: 2017/05/05 6:41 AM
Environment:
  • puppet-agent-1.10.0-1.el7.x86_64
  • puppet-client-tools-1.2.1-1.el7.x86_64
  • puppetdb-4.3.2-1.el7.noarch
Priority: Normal Normal
Reporter: Remi Ferrand

At our site, we're using an nginx reverse proxy to expose only the query endpoint to our users.
Currently, we're using SSL client authentication (as PuppetDB does) and everything works fine with this setup :

  • raw queries work
  • puppet-query tool works

Currently, with this setup, every user needs to setup its certificate and private key (unprotected) and point those files in the client-tools/puppetdb.conf configuration file.

This would be great to have a new feature that allows user to use an encrypted private key and to be prompted for the decryption password. Or to use environment to pass the private key password along.

Another cool feature would be to support a pluggable authentication mechanism.
This way each site could adapt and write code based on its requirements and needs.

For instance at our site, we'd like to use HTTP Negotiate / SPNEGO to authenticate our users with their Kerberos credentials and such a plugin system would allow us to develop our authentication plugin.

Thanks for your consideration

Cheers

Rémi

Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe)
Atlassian logo

Rob Browning (JIRA)

unread,
May 5, 2017, 10:06:03 AM5/5/17
to puppe...@googlegroups.com

Russell Mull (JIRA)

unread,
Jul 24, 2017, 12:29:04 PM7/24/17
to puppe...@googlegroups.com

Claudia Petty (Jira)

unread,
Jun 21, 2023, 10:57:04 AM6/21/23
to puppe...@googlegroups.com
Claudia Petty updated an issue
Change By: Claudia Petty
Labels: new-feature
This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8)
Atlassian logo
Reply all
Reply to author
Forward
0 new messages