Troubleshooting external authentication

Troubleshooting auth modules is a little different from other types of module, because what you're testing is the ability to access a command, not the functionality of the resulting command. This means that the command that you choose to execute should be one that is already known to work, such as test.ping.

Setting auth parameters

Before you can use an auth module, you need to enable it in the master configuration file. Multiple auth modules can be configured, using the external_auth directive:

external_auth:
  pam:
    moe:
      - .*
      - '@runner'
      - '@wheel'
    larry:
      - test.*
      - disk.*
      - network.*
      - '@runner'
      - '@wheel'
  webauth:
    shemp:
      - test.*
      - network.*
      - '@runner'
      - '@wheel'

In this example, we have three users set, between ...

Get Extending SaltStack now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Extending SaltStack by Joseph Hall

Troubleshooting external authentication

Setting auth parameters

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly