Hide Forgot
The PulpDist web application is currently completely open - there's no requirement to be logged in as a recognised user. This needs to change, with the following guidelines: - *everything* requires an active login, including access to the REST API - the *only* thing that can be updated via the web app is the list of registered servers. Everything else is handled via direct execution of commands against the back end Pulp servers (primarily via scripts that read JSON files). - two forms of auth will be supported initially: - native (via Django's internal auth) (for Apache-independent automated testing) - external (e.g. via Apache Basic Auth or Kerberos)
*Should* be done now, but needs to be tested with Apache handling the authentication (requires a staging server with Kerberos or some dummy Basic Auth users set up)
Basic access is working, but: 1. Logging out doesn't currently work (since the web server just passes the user credentials back in anyway) 2. The remote user backend needs to be customised so that configured site administrators are correctly granted site administration privileges
All done in Git. The log out issue is still unresolved (since the web browser retains the Kerberos token and the only way I know how to drop it is to restart the client), but this has been handled via the simple expedient of not displaying a "logout" link when using Kerberos.