Project

General

Profile

Feature #11936

Support kerberized SSH as an alternative to keys

Added by Stephen Benjamin almost 4 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Adam Ruzicka
Category:
-
Target version:
foreman_remote_execution_core 1.0.5
Difficulty:
Triaged:
Bugzilla link:
1386266
Pull request:
https://github.com/theforeman/foreman_remote_execution/pull/250, https://github.com/theforeman/smart_proxy_remote_execution_ssh/pull/33
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

It'd be relatively easy for the proxy to use the existing krb5 infrastructure (used by GSS-TSIG DNS updates and Realm) as an optional alternative to SSH keys.

Related issues

Related to Installer - Bug #19918: Allow enabling kerberos auth for REXClosed2017-06-05
Has duplicate Foreman Remote Execution - Feature #15946: kerberos authenticationDuplicate2016-08-02

Associated revisions

Revision 38635460 (diff)
Added by adamruzicka about 2 years ago

Fixes #11936 - Allow authenticating with kerberos

Revision b122c466 (diff)
Added by adamruzicka about 2 years ago

Fixes #11936 - Add settings for kerberos auth

History

#1 Updated by Stephen Benjamin almost 4 years ago

  • Tracker changed from Bug to Feature

#2 Updated by Stephen Benjamin almost 3 years ago

#3 Updated by Daniel Lobato Garcia almost 3 years ago

It would be useful to be able to assign the keytab to each job invocation / and provide a default keytab per template.

#4 Updated by Daniel Lobato Garcia almost 3 years ago

  • Bugzilla link set to 1386266

#5 Updated by Ivan Necas over 2 years ago

  • Target version set to 1.13.1

Assigning for iteration 14 although it will probably skip to iteration 15. It seems https://github.com/cbeer/net-ssh-kerberos should be relatively straight forward to use. The majority of the work (I hope) should be around packaging, testing and documentation.

#6 Updated by The Foreman Bot about 2 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Adam Ruzicka
  • Pull request https://github.com/theforeman/foreman_remote_execution/pull/250 added

#7 Updated by Adam Ruzicka about 2 years ago

  • Related to Bug #19918: Allow enabling kerberos auth for REX added

#8 Updated by The Foreman Bot about 2 years ago

  • Pull request https://github.com/theforeman/smart_proxy_remote_execution_ssh/pull/33 added

#9 Updated by Anonymous about 2 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#10 Updated by Ivan Necas about 2 years ago

  • Legacy Backlogs Release (now unused) set to 280

Also available in: Atom PDF