salt.auth.sharedsecret

Provide authentication using configured shared secret

external_auth:
  sharedsecret:
    fred:
      - .*
      - '@jobs'

The shared secret should be added to the master configuration, for example in /etc/salt/master.d/sharedsecret.conf (make sure that file is only readable by the user running the master):

sharedsecret: OIUHF_CHANGE_THIS_12h88

This auth module should be used with caution. It was initially designed to work with a frontal that takes care of authentication (for example kerberos) and places the shared secret in the HTTP headers to the salt-api call. This salt-api call should really be done on localhost to avoid someone eavesdropping on the shared secret.

See the documentation for cherrypy to setup the headers in your frontal.

Beryllium 新版功能.

salt.auth.sharedsecret.auth(username, sharedsecret, **kwargs)

Shared secret authentication