Feature #12401
closed
Add support for client certificate authentication.
Added by Robert Frank about 9 years ago.
Updated over 6 years ago.
Description
We make heavy use of certificate authentication and I've set up a foreman server to only allow certificate authentication. Unfortunately the cli only allows basic user authentication and therefore can't be used to change foreman settings on the command line.
Our shop does the same (requires client certs at the httpd level on the Foreman server), so hammer is consequently "broken" in favor of this security practice.
- Category set to Hammer core
- Target version set to 115
- Related to Bug #12400: Missing option to enable verification of the server certificate. added
Unfortunately, you can't use those authenticators to implement SSL authentication because SSL is set up before they are called. The authenticators only have access to the http request object (Net::HTTP::Get) and not the actual http object (Net::HTTP) which would be required to modify any SSL options (see transmit method in RestClient's request.rb).
Currently, you have to pass the SSL options to the apipie-bindings API using its options hash which is not supported by the current hammer-cli implementation.
Looking at this again makes me wonder whether support for additional SSL options should be added to hammer-cli itself instead of the Foreman module.
Cool, would you mind opening a pull request?
- Status changed from New to Ready For Testing
- Assignee set to Robert Frank
- Pull request https://github.com/theforeman/hammer-cli/pull/230 added
- Translation missing: en.field_release set to 233
- Pull request https://github.com/theforeman/hammer-cli-foreman/pull/291 added
- Related to Feature #18930: Document how to setup Hammer to auth with client cert added
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
- Pull request https://github.com/theforeman/hammer-cli/pull/248 added
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 
Updated by