Comments (6)
Thanks for the report.
Kerberos is it's own special branch in the code. Can you try this change and tell me if it fixes the problem?
from pepper.
Yes thank you, that removed the error. It still prompts for password but can move forward.
I know this is outside of the scope of the client issue, but I now get an error from the server side. I couldn't find any docs on the Salt Master Kerberos config, but the error is:
[DEBUG ] Could not LazyLoad kerberos.auth
[DEBUG ] Could not LazyLoad kerberos.groups
[ERROR ] Exception occurred while authenticating: 'bool' object is not iterable
[ERROR ] ['Traceback (most recent call last):\n', ' File "/usr/lib/python2.7/site-packages/salt/master.py", line 1881, in mk_token\n for group in groups:\n', "TypeError: 'bool' object is not iterable\n"]
I tried installing requests and requests_kerberos on the master (from the CentOS repo, not sure if salt-master would use that). From the client side I kinit'd a service ticket for the "http" service which is configured on the master.
Salt Version:
Salt: 2016.3.3
Dependency Versions:
cffi: 0.8.6
cherrypy: 3.2.2
dateutil: 2.5.3
gitdb: Not Installed
gitpython: Not Installed
ioflo: Not Installed
Jinja2: 2.7.2
libgit2: Not Installed
libnacl: 1.4.3
M2Crypto: Not Installed
Mako: Not Installed
msgpack-pure: Not Installed
msgpack-python: 0.4.8
mysql-python: Not Installed
pycparser: 2.14
pycrypto: 2.6.1
pygit2: Not Installed
Python: 2.7.5 (default, Sep 15 2016, 22:37:39)
python-gnupg: Not Installed
PyYAML: 3.11
PyZMQ: 15.3.0
RAET: Not Installed
smmap: Not Installed
timelib: Not Installed
Tornado: 4.2.1
ZMQ: 4.1.4
System Versions:
dist: centos 7.2.1511 Core
machine: x86_64
release: 3.10.0-327.36.1.el7.x86_64
system: Linux
version: CentOS Linux 7.2.1511 Core
from pepper.
I'm not sure how this is used, actually. Pinging @arthurlogilab.
from pepper.
@whiteinge @dougofthemoment I believe @metalseargolid introduced the self.ignore_ssl_errors part
at the time when we used pepper with kerberos, salt-api or salt-master did not talk keberos, so our trick was to proxy via an http server that did (apache or nginx) and then have a login/password between the apache and the salt-api.
The trusted auth didn't get integrated in salt saltstack/salt#24960 and we ended up not using pepper since this solution was way too hacky.
We have little time to work on this these days, but I'll gladly help to get this scenario working with salt & pepper...
from pepper.
I opened #93 now to fix the traceback. But it sounds like that won't be useful until we can figure out a good way to get Salt's eauth system working with Kerberos.
from pepper.
Closing since the traceback was fixed. Kerberos support is another issue.
from pepper.
Related Issues (20)
- [BUG] Can't send pillar data in kwarg HOT 2
- using pepper with tokens does not honor profiles HOT 1
- Add changelog HOT 1
- Release 0.7.6 breaks --fail-any-none flag HOT 1
- Server error on jobs.lookup_jid with runner client HOT 3
- saving the response to file on MacOS add random characters HOT 4
- pepper.cmd wrapper not included in pip package
- No way to pass tgt_type to API HOT 1
- Should provide a logout function
- Unable to use --state-output=mixed --state-verbose=false with pepper HOT 2
- TLS issues are always ignored HOT 1
- Migrate Travis CI jobs to GitHub Actions HOT 1
- Installing salt-pepper 0.5.5-1 on ubuntu 20.04 failing: cli.py:474: SyntaxWarning: "is not" with a literal. Did you mean "!="?
- Makefile not working on ubuntu 18.04 dev machine
- ~/.pepperc not referred on latest 0.7.6 HOT 1
- Using pepper to get list of registered salt-minions ? HOT 2
- Fix failing test suite HOT 1
- Pepper no longer respecting --out flag HOT 5
- [CI] Remove Python 3.7 in favor of 3.11
- pytest.helpers.remove_stale_minion_key not registered
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pepper.