D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
proc
/
self
/
root
/
opt
/
saltstack
/
salt
/
lib
/
python3.10
/
site-packages
/
salt
/
auth
/
Filename :
sharedsecret.py
back
Copy
"""Provide authentication using configured shared secret .. code-block:: yaml external_auth: sharedsecret: fred: - .* - '@jobs' The shared secret should be added to the master configuration, for example in /etc/salt/master.d/sharedsecret.conf (make sure that file is only readable by the user running the master): .. code-block:: yaml sharedsecret: OIUHF_CHANGE_THIS_12h88 This auth module should be used with caution. It was initially designed to work with a frontal that takes care of authentication (for example kerberos) and places the shared secret in the HTTP headers to the salt-api call. This salt-api call should really be done on localhost to avoid someone eavesdropping on the shared secret. See the documentation for cherrypy to setup the headers in your frontal. .. versionadded:: 2015.8.0 """ import logging log = logging.getLogger(__name__) def auth(username, password): """ Shared secret authentication """ return password == __opts__.get("sharedsecret")