Skip to content

[BUG] salt-api with PAM authentication and dependency on /usr/bin/python3 #66035

New issue
New issue
Closed
#66695
Closed
[BUG] salt-api with PAM authentication and dependency on /usr/bin/python3#66035
#66695
Labels
bugbroken, incorrect, or confusing behaviorneeds-triage
@jcpearson

Description

@jcpearson
jcpearson
opened on Feb 9, 2024

Description
Using (onedir) salt-master/salt-api on EL7 (CentOS 7) set up to use PAM authentication fails as /usr/bin/python3 can't be found

Setup
salt-master/salt-api 3006.4 (onedir) installed and configured on a minimal CentOS 7 server to use PAM authentication

  • on-prem machine
  • VM (VMware/Nutanix)
  • onedir packaging

Steps to Reproduce the behavior
When trying to access the Salt API on the salt-master, gives errors:

salt-master: [ERROR   ] Error 'auth.pam.python' config value does not exist: /usr/bin/python3
salt-master: [WARNING ] Authentication failure of type "eauth" occurred.
salt-api: [ERROR   ] Authentication failure of type "eauth" occurred for user salt-api-user

Expected behavior
salt-master/salt-api to use the python3 provided by Salt itself

Versions Report

salt --versions-report 
Salt Version:
          Salt: 3006.4
 
Python Version:
        Python: 3.10.13 (main, Oct  4 2023, 21:54:22) [GCC 11.2.0]
 
Dependency Versions:
          cffi: 1.14.6
      cherrypy: unknown
      dateutil: 2.8.1
     docker-py: Not Installed
         gitdb: Not Installed
     gitpython: Not Installed
        Jinja2: 3.1.2
       libgit2: Not Installed
  looseversion: 1.0.2
      M2Crypto: Not Installed
          Mako: Not Installed
       msgpack: 1.0.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     packaging: 22.0
     pycparser: 2.21
      pycrypto: Not Installed
  pycryptodome: 3.9.8
        pygit2: Not Installed
  python-gnupg: 0.4.8
        PyYAML: 6.0.1
         PyZMQ: 23.2.0
        relenv: 0.13.12
         smmap: Not Installed
       timelib: 0.2.4
       Tornado: 4.5.3
           ZMQ: 4.3.4
 
System Versions:
          dist: centos 7.9.2009 Core
        locale: utf-8
       machine: x86_64
       release: 3.10.0-1160.81.1.el7.x86_64
        system: Linux
       version: CentOS Linux 7.9.2009 Core

Additional context
EL7 doesn't install Python 3 by default, so this issue can be fixed by installing the python3 RPMS - however, as the onedir versions of Salt provides python3, shouldn't 'auth.pam.python' default to using "/opt/saltstack/salt/bin/python3" instead of "/usr/bin/python" ?

i.e. change "/usr/bin/python" to "/opt/saltstack/salt/bin/python3" in pam.py

(setting 'auth.pam.python' to "/opt/saltstack/salt/bin/python3" in the master config also works)

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugbroken, incorrect, or confusing behaviorneeds-triage

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions