This allows for users authenticated to the Koji Web interface via
Kerberos to be proxied to the HUB using an SSL certificate and
(in theory) vice versa though it's not clear why you'd want that.
This is useful in environments where the owners of the Kerberos
realm are not willing to create service accounts and export
keytabs for them.
Set WebAuth = kerberos to indicate that users are authenticated
to the web via Kerberos. The existing config controls how kojiweb
authenticates to the HUB.
If using this, it is recommended to set
LoginCreatesUser = Off
in hub.conf, to avoid accidental creation of Koji accounts for
users of the wider Kerberos realm.
At @mikeb's suggestion in the code review, this makes HiddenUsers plural.
This makes the whole changeset a little more invasive than it was before, so please review carefully.
This adds new query arguments to the taskList hub xmlrpc endpoint, and then
makes use of those arguments in koji-web. A new optional configuration value
is added for koji-web: `HiddenUser`, which can be used to specify which user
account should be hidden. This could be useful for deployments that have a
continuous-integration account, the spam from which makes the frontpage
difficult to read.
Unit test cases are also added for some functions of the hub taskList endpoint.
Signed-off-by: Ralph Bean <rbean@redhat.com>
The client CA is only needed to for authentication on the server side,
not for authentication on the client side. Therefore remove it from all
client login code.
- mod_python still supported, but deprecated
- mod_wsgi is the default
- koji-web now configured via web.conf
- new wsgi-friendly publisher for koji-web
- koji-web now has logging
