Remove need for KerberosLogin from RPC tools.
The initial move, which happened outside of Chrome OS, to KerberosLogin was to
add more security around jobs that ran in Google Data centers. Chrome OS's lab
is lot more isolated and all tests are run on limited hardware. The risk
of exposure here is a lot lower, as the Chrome OS lab has no access to customer
data.
Removing this requirement moves auth back to the previous getpass() pathway.
When people go to the frontend they will be properly identified by SSO.
When they run jobs via the CLI or RPC interfaces they will be identified by
getpass accordingly. This is spoofable, but the previous KerberosLogin was also
spoofable after auth.
This will allow people to use the RPC interface from the chroot and will
alleviate failures like the one referenced in this commit.
TEST=put on test machine and tested SSO login from the frontend and cli access.
frontend_unittest.py tests.
Checked apahce logs and verified requests are going through the /noauth/
pathway.
BUG=chromium-os:28847
Change-Id: I7fd32a3b3864ecb7c3a42a642c666f1673c6e1c6
Reviewed-on: https://gerrit.chromium.org/gerrit/19537
Tested-by: Scott Zawalski <scottz@chromium.org>
Reviewed-by: Chris Masone <cmasone@chromium.org>
Reviewed-by: Scott Zawalski <scottz@chromium.org>
Commit-Ready: Scott Zawalski <scottz@chromium.org>
diff --git a/cli/rpc.py b/cli/rpc.py
index 1cff0c1..b87fab4 100644
--- a/cli/rpc.py
+++ b/cli/rpc.py
@@ -9,8 +9,8 @@
GLOBAL_CONFIG = global_config.global_config
DEFAULT_SERVER = 'autotest'
-AFE_RPC_PATH = '/afe/server/rpc/'
-TKO_RPC_PATH = '/new_tko/server/rpc/'
+AFE_RPC_PATH = '/afe/server/noauth/rpc/'
+TKO_RPC_PATH = '/new_tko/server/noauth/rpc/'
class AuthError(Exception):