| Dir : /proc/self/root/opt/saltstack/salt/lib/python3.10/site-packages/salt/auth/ |
| Server: Linux ngx353.inmotionhosting.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64 IP: 209.182.202.254 |
| Dir : //proc/self/root/opt/saltstack/salt/lib/python3.10/site-packages/salt/auth/sharedsecret.py |
"""Provide authentication using configured shared secret
.. code-block:: yaml
external_auth:
sharedsecret:
fred:
- .*
- '@jobs'
The shared secret should be added to the master configuration, for
example in /etc/salt/master.d/sharedsecret.conf (make sure that file
is only readable by the user running the master):
.. code-block:: yaml
sharedsecret: OIUHF_CHANGE_THIS_12h88
This auth module should be used with caution. It was initially
designed to work with a frontal that takes care of authentication (for
example kerberos) and places the shared secret in the HTTP headers to
the salt-api call. This salt-api call should really be done on
localhost to avoid someone eavesdropping on the shared secret.
See the documentation for cherrypy to setup the headers in your
frontal.
.. versionadded:: 2015.8.0
"""
import logging
log = logging.getLogger(__name__)
def auth(username, password):
"""
Shared secret authentication
"""
return password == __opts__.get("sharedsecret")