Add RSA SecurID server support #10667
Conversation
Initial commit to aid dealing with RSA SecurID protected servers. Requires a third party script to facilitate authentication (the pickling of authenticated cookie): https://github.com/milljm/rsasecure_login With everyone's blessing, I will move the helper script over to conda-forge.
|
We require contributors to sign our Contributor License Agreement, and we don't have one on file for @milljm. In order for us to review and merge your code, please e-sign the PDF at https://conda.io/en/latest/contributing.html#conda-contributor-license-agreement. We then need to manually verify your signature. We will ping the bot to refresh the PR status when we have confirmed your signature. |
Remove cookie missing message. The fix is the same, so post _that_ message.
|
@anaconda-issue-bot check |
anaconda-issue-bot
added
the
cla-signed
Use request headers to determine a working RSA connection. Fix pylint issues.
|
@dbast I am not sure why the tests are not firing. Anything you can trigger? |
Remove unnecessary imports
|
Please re-test. |
Initial commit to add rsasecure_login to conda-forge. Note: This package requires a milestone conda/conda#10667 This is a work in progress. Aside from the obvious milstone requirement, I am not sure I like the command name `rsasecure_login`.
Initial commit to add rsasecure_login to conda-forge. Note: This package requires a milestone conda/conda#10667 This is a work in progress. Aside from the obvious milstone requirement, I am not sure I like the command name `rsasecure_login`.
Initial commit to add rsasecure_login to conda-forge. Note: This package requires a milestone conda/conda#10667 This is a work in progress. Aside from the obvious milestone requirement, I am not sure I like the command name `rsasecure_login`.
|
Conda-Forge companion script: conda-forge/staged-recipes#15016 |
| @@ -91,6 +94,7 @@ def __init__(self): | |||
| self.mount("https://", http_adapter) | |||
| self.mount("ftp://", FTPAdapter()) | |||
| self.mount("s3://", S3Adapter()) | |||
| self.mount("rsa://", SecureIDAdapter()) | |||
There was a problem hiding this comment.
Is rsa:// a documented/standardized URL scheme component for this server?
There was a problem hiding this comment.
Unfortunately not. I did some basic research on the matter using s3:// as an example. Couldn't figure out how to connect to amazon using that prefix (while using requests). So I figured I might be allowed to do this for servers protected by RSASecurID.
I realize it's pretty hacky! Suggestions?
There was a problem hiding this comment.
Perhaps I should try to figure out if this server is protected by RSA, do all the things...
There was a problem hiding this comment.
I think adding support for 2FA and other (HTTP-based) authentication mechanisms to conda is a good idea. But I want to avoid starting (or continuing, I guess) the pattern of requiring to create a custom adapter for every authn scheme, especially for schemes like this that appear to be just slightly modified HTTP requests.
I'm going to bump this out of the 4.10.2 release, so we can maybe discuss some other, more generic ways of handling HTTP-based authn.
There was a problem hiding this comment.
Understood. I can try to dig around Conda's internals and see if I can come up with something on my own as well. I'll gladly post another PR if/when that occurs.
Cheers!
chenghlee
added
source::community
kenodegard
added
type::feature
|
Hi @milljm, I just want to let you know that we are currently considering whether to make the If you are interested in that discussion, please check out the following CEP (conda enhancement proposal). It's still a draft, but if you had any input, that would be very much welcome: |
Initial commit to aid dealing with RSA SecurID protected servers.
Requires a third party script to facilitate authentication (the pickling
of authenticated cookie): https://github.com/milljm/rsasecure_login
With everyone's blessing, I will move the 3rd party helper script over to conda-forge.
Or do this first if that is a requirement?