ocf / rt

Request Tracker service
https://rt.ocf.berkeley.edu

Switch to PAM authentication #5

Closed dkess closed 6 years ago

dkess commented 6 years ago

This (finally) solves ocf.io/rt/5948. It changes RT to use PAM authentication, and only allows opstaff and ocfstaff to log in.

This has been tested on my staffvm.

kpengboy commented 6 years ago

We really ought to set up dev versions of our Marathon services, particularly this one. It's by far not the first time I've wanted to test this service on Marathon before deploying it.

dkess commented 6 years ago

Yeah, I tested this by editing the config file, which definitely isn't ideal because I had to undo the changes before committing.

kpengboy commented 6 years ago

I'm interested in knowing the following:

dkess commented 6 years ago

This was all tested from outside the OCF network. I didn't test on Windows, but I don't expect that to be a problem because it's just HTTP basic auth.

kpengboy commented 6 years ago

Well, Windows currently has this problem where it tries to authenticate using Kerberos, fails because it can't contact KDCs in the realm (or whatever), and then falls back to using HTTP auth. Don't know how it will work with this change.

dkess commented 6 years ago

That problem seems like it would arise from AuthType Kerberos. Since it's now changed to AuthType Basic it should be fine. This is basically the same as auth_pam in nginx.

dkess commented 6 years ago

Going to merge this. Pray reax only

kpengboy commented 6 years ago

The Windows quadruple-login problem seems to be fixed, thank you!