Created attachment 1208427 [details] xmlrpclib test authentication script Description of problem: Hi everyone, I have a setup of spacewalk configured with freeipa, everything woks well on the web gui. Except this I have a python script using xmlrpclib which runs in the %pre part of the kickstart which authenticates against the spacewalk/rhn api do be able to do certain things. If I use my account which is in freeipa, authentication fails unless i enable "Use PAM" in the spacewalk gui for that external account. Was wondering if this is the intended behaviour or it's a bug. Version-Release number of selected component (if applicable): Spacewalk 2.5 FreeIPA 4.0 How reproducible: always Steps to Reproduce: 1. configure spacewalk with freeipa using the provided scripts according to docs. 2. logon to spacewalk web gui using an external account in freeipa eg. testuser (make sure it has admin and org rights) 3. try the attached script which fails to logon to the API 4. in spacewalk gui (as admin) enable "Use PAM" for the testuser 5. try the attached script again and now it will validate the credentials Actual results: Spacewalk freeipa pam is not fully working Expected results: Expected any external users with permissions to be able to logon to the API without any extra actions. Additional info:
FreeIPA version is 4.2, sorry for the typo.
+1 on this. I'm not sure why, when the user account is created via PAM, it's not automatically checking the box for "Use PAM". This blocks users from doing things like 'spacewalk-channel' unless we go in and check the box for Use PAM on every new user registration. Seems like this one would be an easy fix for having the bug open for 1.5 years now. Thanks!
Spacewalk 2.8 (and older) has already reached it's End Of Life. Thank you for reporting this issue and we are sorry that we were not able to fix it before end of life. If you would still like to see this bug fixed and are able to reproduce it against current version of Spacewalk 2.9, you are encouraged change the 'version' and re-open it.