search

ansible / awx

AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is one of the upstream projects for Red Hat Ansible Automation Platform.
Other
13.88k stars 3.4k forks source link

RFE: Send real client remote address in TACACS+ authentication packet #1797

Open b0urn3 opened 6 years ago

b0urn3 commented 6 years ago
ISSUE TYPE
COMPONENT NAME
SUMMARY

Currently the TACACS+ authentication backend

https://github.com/ansible/awx/blob/96370584062a15271abafab7fc557ac2879aa38c/awx/sso/backends.py#L225-L227

sends default value for client remote address

https://github.com/ansible/tacacs_plus/blob/526b5a29c5656bbd8644accca238d1e9303dc272/tacacs_plus/flags.py#L81

The function authenticate() in TACACSClient supports sending client remote address as parameter and should be used to correctly report client real address.

https://github.com/ansible/tacacs_plus/blob/9ba553f79efcc7b955001503d1953900ba6284a4/tacacs_plus/client.py#L158

ENVIRONMENT
EXPECTED RESULTS

TACACS+ authentication packet will contain clients real remote address.

ACTUAL RESULTS

Client remote address is always set to python_device.

john-westcott-iv commented 1 year ago

@b0urn3 can you confirm this is now addressed with #14077 merged in?