Reputation: 1396
Why am I prompted to enter username and password when using `salt -a pam`?
I am following the external authentication documentation at https://docs.saltstack.com/en/latest/topics/eauth/index.html
I have configured external_auth in the master to allow the user ubuntu to issue salt commands.
Running salt -a pam '*' test.ping as user ubuntu works, except I am being prompted for user and password.
I know the about -T authentication token option, but it still requires the initial password prompt and it expires.
The command is being executed as ubuntu already, why am I being prompted again? Is there a way to remove the prompt altogether? Allowing unattended programs running as the ubuntu user to issue salt commands?
Is this a problem with Saltstack, or a matter of pam configuration? According to the documentation Saltstack uses the login service (e.g. /etc/pam.d/login).
Upvotes: 1
Views: 281
Answers (1)
Reputation: 720
In the documentation it's stated: "Pass in an external authentication medium to validate against. The credentials will be prompted for. ", so it's expected.
If you're logged on the master, you shouldn't have to use external_auth.
You should instead use publisher_acl:
"The salt publisher ACL system is a means to allow system users other than root to have access to execute select salt commands on minions from the master."
See the docs for more infos.
Upvotes: 2
Related Questions
- Why isn't salt-api working with this configuration?
- How to set root password using salt states
- Saltstack states requiring interactive entry
- getting auth failure on salt-cloud command
- Salt times out when using external authentication (PAM)
- How to authenticate username/password using PAM w/o root privileges
- Saltstack create user : password is not set
- Salt-Stack require statement
- /bin/login checks passwd despite passing pam account checks
- php salt authentication