'Pepper' object has no attribute 'ignore_ssl_errors' about pepper HOT 6 CLOSED

Thanks for the report.

Kerberos is it's own special branch in the code. Can you try this change and tell me if it fixes the problem?

from pepper.

Yes thank you, that removed the error. It still prompts for password but can move forward.

I know this is outside of the scope of the client issue, but I now get an error from the server side. I couldn't find any docs on the Salt Master Kerberos config, but the error is:

[DEBUG   ] Could not LazyLoad kerberos.auth
[DEBUG   ] Could not LazyLoad kerberos.groups
[ERROR   ] Exception occurred while authenticating: 'bool' object is not iterable
[ERROR   ] ['Traceback (most recent call last):\n', '  File "/usr/lib/python2.7/site-packages/salt/master.py", line 1881, in mk_token\n    for group in groups:\n', "TypeError: 'bool' object is not iterable\n"]

I tried installing requests and requests_kerberos on the master (from the CentOS repo, not sure if salt-master would use that). From the client side I kinit'd a service ticket for the "http" service which is configured on the master.

Salt Version:
           Salt: 2016.3.3

Dependency Versions:
           cffi: 0.8.6
       cherrypy: 3.2.2
       dateutil: 2.5.3
          gitdb: Not Installed
      gitpython: Not Installed
          ioflo: Not Installed
         Jinja2: 2.7.2
        libgit2: Not Installed
        libnacl: 1.4.3
       M2Crypto: Not Installed
           Mako: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.4.8
   mysql-python: Not Installed
      pycparser: 2.14
       pycrypto: 2.6.1
         pygit2: Not Installed
         Python: 2.7.5 (default, Sep 15 2016, 22:37:39)
   python-gnupg: Not Installed
         PyYAML: 3.11
          PyZMQ: 15.3.0
           RAET: Not Installed
          smmap: Not Installed
        timelib: Not Installed
        Tornado: 4.2.1
            ZMQ: 4.1.4

System Versions:
           dist: centos 7.2.1511 Core
        machine: x86_64
        release: 3.10.0-327.36.1.el7.x86_64
         system: Linux
        version: CentOS Linux 7.2.1511 Core

from pepper.

I'm not sure how this is used, actually. Pinging @arthurlogilab.

from pepper.

@whiteinge @dougofthemoment I believe @metalseargolid introduced the self.ignore_ssl_errors part

at the time when we used pepper with kerberos, salt-api or salt-master did not talk keberos, so our trick was to proxy via an http server that did (apache or nginx) and then have a login/password between the apache and the salt-api.

The trusted auth didn't get integrated in salt saltstack/salt#24960 and we ended up not using pepper since this solution was way too hacky.

We have little time to work on this these days, but I'll gladly help to get this scenario working with salt & pepper...

from pepper.

I opened #93 now to fix the traceback. But it sounds like that won't be useful until we can figure out a good way to get Salt's eauth system working with Kerberos.

from pepper.

Closing since the traceback was fixed. Kerberos support is another issue.

from pepper.