ansible/awx

RFE: Send real client remote address in TACACS+ authentication packet

Open

#1,797 创建于 2018年4月25日

在 GitHub 查看
 (1 评论) (1 反应) (0 负责人)Python (3,333 fork)batch import
Hacktoberfestcomponent:apicomponent:authenticationgood first issuehelp wantedtype:enhancement

仓库指标

Star
 (13,071 star)
PR 合并指标
 (平均合并 24天 6小时) (30 天内合并 30 个 PR)

描述

ISSUE TYPE
  • Feature Idea
COMPONENT NAME
  • API
SUMMARY

Currently the TACACS+ authentication backend

https://github.com/ansible/awx/blob/96370584062a15271abafab7fc557ac2879aa38c/awx/sso/backends.py#L225-L227

sends default value for client remote address

https://github.com/ansible/tacacs_plus/blob/526b5a29c5656bbd8644accca238d1e9303dc272/tacacs_plus/flags.py#L81

The function authenticate() in TACACSClient supports sending client remote address as parameter and should be used to correctly report client real address.

https://github.com/ansible/tacacs_plus/blob/9ba553f79efcc7b955001503d1953900ba6284a4/tacacs_plus/client.py#L158

ENVIRONMENT
  • AWX version: 1.0.5
  • AWX install method: openshift, minishift, docker on linux, docker for mac, boot2docker
  • Ansible version: N/A
  • Operating System: Any
  • Web Browser: Any
EXPECTED RESULTS

TACACS+ authentication packet will contain clients real remote address.

ACTUAL RESULTS

Client remote address is always set to python_device.

贡献者指南