Uploaded image for project: 'PuppetDB'
  1. PuppetDB
  2. PDB-3502

Extend authentication mechanism of puppet client tools

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: PuppetDB
    • Labels:
      None
    • Environment:
      • puppet-agent-1.10.0-1.el7.x86_64
      • puppet-client-tools-1.2.1-1.el7.x86_64
      • puppetdb-4.3.2-1.el7.noarch
    • Template:
    • QA Risk Assessment:
      Needs Assessment

      Description

      At our site, we're using an nginx reverse proxy to expose only the query endpoint to our users.
      Currently, we're using SSL client authentication (as PuppetDB does) and everything works fine with this setup :

      • raw queries work
      • puppet-query tool works

      Currently, with this setup, every user needs to setup its certificate and private key (unprotected) and point those files in the client-tools/puppetdb.conf configuration file.

      This would be great to have a new feature that allows user to use an encrypted private key and to be prompted for the decryption password. Or to use environment to pass the private key password along.

      Another cool feature would be to support a pluggable authentication mechanism.
      This way each site could adapt and write code based on its requirements and needs.

      For instance at our site, we'd like to use HTTP Negotiate / SPNEGO to authenticate our users with their Kerberos credentials and such a plugin system would allow us to develop our authentication plugin.

      Thanks for your consideration

      Cheers

      RĂ©mi

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              remi.ferrand Remi Ferrand
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:

                Zendesk Support