PAM Authentication
The pam_auth plugin allows users to login to AskCI using the unix accounts on
the host system.
To enable PAM authentication you must:
- Add
pam_authto thePLUGINS_ENABLEDlist inaskci/settings/config.py - Uncomment binds to /etc/shadow and /etc/passwd in
docker-compose.yml - Build the docker image with the build argument ENABLE_PAM set to true
More detailed instructions are below.
Getting Started
This is the detailed walkthough to set up the PAM Authentication plugin.
First, uncomment “pam_auth” at the bottom of askci/settings/config.py to
enable the login option.
PLUGINS_ENABLED = [
# 'ldap_auth',
'pam_auth',
# 'saml_auth'
]
Since we need to get access to users from the host,
you need to edit the docker-compose.yml and uncomment binds to your host:
uwsgi:
restart: always
image: quay.io/vsoch/askci
volumes:
- .:/code
- ./static:/var/www/static
- ./data:/var/www/data
# uncomment for PAM auth
#- /etc/passwd:/etc/passwd
#- /etc/shadow:/etc/shadow
links:
- redis
- db
If you do this, we lose the user added in the container for nginx! You also need to add the nginx user to your host:
$ sudo addgroup --system nginx
$ sudo adduser --disabled-login --system --home /var/cache/nginx --ingroup nginx nginx
Note that this solution would require restarting the container for changes on the host to take effect (for example, adding new users). If you find a better way to do this, please test and open an issue to add to this documentation.
Finally, you must build the docker image with the build argument ENABLE_PAM set to true:
$ docker build --build-arg ENABLE_PAM=true -t quay.io/vsoch/askci .
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.