[Spacewalk-list] API using hashed SATELLITE_PASSWORD

Grant Gainey ggainey at redhat.com
Thu May 8 22:08:02 UTC 2014


----- Original Message -----
> We would like to use a hashed password with the API. Example below:

Your example seems to just use the API with a password like usual?

> 
> #!/usr/bin/python
> import xmlrpclib
> 
> SATELLITE_URL = "http://satellite.example.com/rpc/api"
> SATELLITE_LOGIN = "username"
> SATELLITE_PASSWORD = "password"
> 
> client = xmlrpclib.Server(SATELLITE_URL, verbose=0)
> key = client.auth.login(SATELLITE_LOGIN, SATELLITE_PASSWORD)
> list = client.user.list_users(key)
> for user in list:
>     print user.get('login')
> client.auth.logout(key)
> 
> 
> Will this cause any problems in other areas? Will it work at all?

What are you trying to accomplish, really?

If it's "tell customers that their password is never known by the SW server" - well, let's see.  You could set up their accounts by asking them for a password, salt+hash that string, binhex it, and use *that* as their SW password.  Then, to use the API, give them a script/application that asked them for their 'real' password and replicated the process before talking to SW. Basically, the salthash'd string *is* their pwd, from SW's POV, but SW never knows the string the user remembers.

On the other hand, if you're trying to protect your SW admin's pwd from prying eyes - well, sooner or later, *something* has to call login.  And whatever you call the Thing that login accepts, it needs to be secure, or a nosey user of your script is still going to end up with the ability to trash your SW instance :)

But I think maybe I'm not understanding what you're trying to do.  Can you give us more context?

G
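
The salt+hash scheme described in the reply above, as an added example that is not part of the original message or of Spacewalk's code. It assumes PBKDF2-HMAC-SHA256 as the salted hash, plain hex as the encoding, and a salt built from the login and server name; `derive_api_password`, `FakeServer` and all sample values are hypothetical. It also shows the reply's point that the derived string is the password as far as the server is concerned.

```python
import hashlib
import hmac

ITERATIONS = 200_000  # assumed work factor, not a value from the thread


def derive_api_password(real_password, login, site):
    """Salt + hash + hex-encode the password the user remembers.

    The salt combines login and server name, so the same remembered
    password yields a different string per account and per server.
    """
    salt = ("%s@%s" % (login.lower(), site.lower())).encode("utf-8")
    digest = hashlib.pbkdf2_hmac("sha256", real_password.encode("utf-8"),
                                 salt, ITERATIONS)
    return digest.hex()


class FakeServer:
    """Constructed stand-in for the server side of auth.login.

    It only ever receives the derived string (a real server would store
    its own hash of that string rather than the string itself).
    """

    def __init__(self):
        self._accounts = {}

    def set_password(self, login, password):
        self._accounts[login] = password

    def login(self, login, password):
        return hmac.compare_digest(self._accounts.get(login, ""), password)


def demo():
    site = "satellite.example.com"  # constructed sample values throughout
    server = FakeServer()
    derived = derive_api_password("correct horse", "username", site)
    server.set_password("username", derived)
    # Normal use: the script prompts for the remembered password, re-derives.
    ok_user = server.login(
        "username", derive_api_password("correct horse", "username", site))
    # The derived string alone is enough to log in, so it needs the same
    # protection as any other password (file permissions, no logging).
    ok_replay = server.login("username", derived)
    # A wrong remembered password derives a different string and is rejected.
    ok_wrong = server.login(
        "username", derive_api_password("wrong", "username", site))
    return ok_user, ok_replay, ok_wrong
```

In a real script the value returned by `derive_api_password` would be what gets passed as the password argument to `client.auth.login`.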
