[chef] Re: RE: Re: Installing a package from a password-protected UNC share


  • From: Andrea Campi
  • Subject: [chef] Re: RE: Re: Installing a package from a password-protected UNC share
  • Date: Fri, 8 Feb 2013 11:30:14 +0100




On Sun, Feb 3, 2013 at 11:09 PM, Kevin Keane Subscription wrote:

> All of that only works within a domain, because it relies on computers in the domain being able to trust each other and/or trust a central (Kerberos) server. Without a domain environment, there really is nothing the server could trust, other than an actual user name and password. In fact, solving this particular issue was the main motivation for creating domains in the first place.

You may have missed the beginning of the thread: I am specifically asking how to access with an explicit login and password.

There is no domain and no Kerberos server: this is an ISP setup where all VMs are owned by different customers who may or may not have their own domain.
I only need to fetch some files, with password protection thrown on for some "security through obscurity" (no, I don't think it's a good idea, but these are the specs and I can't change them).

smbclient from Samba can do that easily by including the credentials in the UNC URL, but there seems to be no Windows way to do that.

> You may have one other option, although it's far too complicated for my taste: you can set up a Kerberos server. Windows can use that for authentication even without a domain.
>
> It sounds like none of this would be an option. Here is another way to do that "the chef way".
>
> You could manually copy the files you need to the file directory in your cookbook. Instead of fetching the file from the UNC server, it would come from Chef itself. Drawback is that you have an updating nightmare.

Multi-megabyte files in Chef are bad. :)

> The other option would be to use a script resource to copy the file over and provide the password.
>
> The third option is to use a wrapper script that authenticates to the UNC share, maybe even mounts it with a drive letter, and then calls chef-client.


These are good options, and other suggestions that were offered sound good too. Unfortunately they are non-trivial.


Just for some closure, for the benefit of future searches:

We are seeking permission to mirror those files from SMB to a separate nginx server that will serve them over plain HTTP with basic auth.
That fits our basic requirements with minimal changes to the workflow.

Thanks to all who helped!
Andrea
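
An added example, not part of the original message or of Chef: a plain-Ruby sketch of fetching a file from an HTTP mirror with basic auth and rejecting it unless it matches a pinned SHA-256, since plain HTTP gives the download no integrity protection (Chef's `remote_file` resource has a `checksum` property for the same purpose). The in-process stub server, the credentials, the path and the payload are all constructed placeholders.

```ruby
require "net/http"
require "socket"
require "digest"

# Constructed sample data: credentials and payload are placeholders.
USER = "deploy"
PASS = "example-password"
PAYLOAD = "constructed installer bytes\n"
PINNED_SHA256 = Digest::SHA256.hexdigest(PAYLOAD)

# Loopback stand-in for the mirror: serves `requests` requests, enforcing Basic auth.
def start_stub_mirror(requests)
  server = TCPServer.new("127.0.0.1", 0)
  port = server.addr[1]
  thread = Thread.new do
    requests.times do
      client = server.accept
      headers = []
      while (line = client.gets) && line != "\r\n"
        headers << line.chomp
      end
      auth = headers.find { |h| h.downcase.start_with?("authorization:") }
      expected = "Basic " + ["#{USER}:#{PASS}"].pack("m0") # base64, not encryption
      ok = auth && auth.split(":", 2).last.strip == expected
      body = ok ? PAYLOAD : "denied\n"
      status = ok ? "200 OK" : "401 Unauthorized"
      client.write("HTTP/1.1 #{status}\r\nContent-Length: #{body.bytesize}\r\n" \
                   "Connection: close\r\n\r\n#{body}")
      client.close
    end
    server.close
  end
  [port, thread]
end

# Fetch with explicit credentials; refuse content that does not match the pin.
def fetch_verified(port, user, pass, sha256)
  req = Net::HTTP::Get.new("/pkg/installer.msi") # hypothetical path
  req.basic_auth(user, pass)
  res = Net::HTTP.start("127.0.0.1", port, nil) { |http| http.request(req) }
  raise "HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)
  raise "checksum mismatch" unless Digest::SHA256.hexdigest(res.body) == sha256
  res.body
end

if __FILE__ == $PROGRAM_NAME
  port, thread = start_stub_mirror(1)
  puts fetch_verified(port, USER, PASS, PINNED_SHA256).bytesize
  thread.join
end
```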


