salt.auth.sharedsecret
Provide authentication using configured shared secret
external_auth:
sharedsecret:
fred:
- .*
- '@jobs'
The shared secret should be added to the master configuration, for
example in /etc/salt/master.d/sharedsecret.conf (make sure that file
is only readable by the user running the master):
sharedsecret: OIUHF_CHANGE_THIS_12h88
This auth module should be used with caution. It was initially
designed to work with a frontal that takes care of authentication (for
example kerberos) and places the shared secret in the HTTP headers to
the salt-api call. This salt-api call should really be done on
localhost to avoid someone eavesdropping on the shared secret.
See the documentation for cherrypy to setup the headers in your
frontal.
New in version Beryllium.
-
salt.auth.sharedsecret.
auth
(username, sharedsecret, **kwargs)
Shared secret authentication