# cobbler module configuration file
# =================================

# authentication:
# Decides what users can log into the WebUI and call Read-Write XMLRPC methods.
# Choices:
#    authentication.denyall    -- No one (default)
#    authentication.configfile -- Use /etc/cobbler/users.digest (for basic setups)
#    authentication.passthru   -- Ask Apache to handle it (used for kerberos)
#    authentication.ldap       -- Authenticate against LDAP
#    authentication.spacewalk  -- Ask Spacewalk/Satellite (experimental)
#    authentication.pam        -- Use PAM facilities
#    authentication.testing    -- Username/password is always testing/testing (debug)
#    (user supplied)  -- You may write your own module
# WARNING: This is a security setting, do not choose an option blindly.
# For more information:
#    - https://cobbler.readthedocs.io/en/latest/user-guide/web-interface.html
#    - https://cobbler.readthedocs.io/en/release28/5_web-interface/web_authentication.html
#
# hash_algorithm: This parameter has currently only a meaning when the option authentication.configfile is used.
#                 The parameter decides what hashfun algorithm is used for checking the passwords.
#                 Currently available are: sha3_384, sha3_512, blake2b, sha3_224, blake2s, shake_128, shake_256,
#                                          sha3_256

[authentication]
module = authentication.configfile
hash_algorithm = sha3_256

# authorization:
# once a user has been cleared by the WebUI/XMLRPC, what can they do?
# choices:
#    authorization.allowall   -- full access for all authneticated users (default)
#    authorization.ownership  -- use users.conf, but add object ownership semantics
#    (user supplied)  -- you may write your own module
# WARNING: this is a security setting, do not choose an option blindly.
# If you want to further restrict cobbler with ACLs for various groups,
# pick authorization.ownership. authorization.ownership does not support ACLs.  configfile
# does but does not support object ownership which is useful as an additional
# layer of control.

# for more information:
# https://cobbler.readthedocs.io/en/latest/user-guide/web-interface.html
# https://github.com/cobbler/cobbler/wiki/Security-overview
# https://github.com/cobbler/cobbler/wiki/Web-authorization

[authorization]
module = authorization.allowall

# dns:
# chooses the DNS management engine if manage_dns is enabled
# in /etc/cobbler/settings.yaml, which is off by default.
# choices:
#    managers.bind    -- default, uses BIND/named
#    managers.dnsmasq -- uses dnsmasq, also must select dnsmasq for dhcp below
#    managers.ndjbdns -- uses ndjbdns
# NOTE: more configuration is still required in /etc/cobbler
# for more information:
# https://github.com/cobbler/cobbler/wiki/Dns-management

[dns]
module = managers.bind

# dhcp:
# chooses the DHCP management engine if manage_dhcp is enabled
# in /etc/cobbler/settings.yaml, which is off by default.
# choices:
#    managers.isc     -- default, uses ISC dhcpd
#    managers.dnsmasq -- uses dnsmasq, also must select dnsmasq for dns above
# NOTE: more configuration is still required in /etc/cobbler
# for more information:
# https://github.com/cobbler/cobbler/wiki/Dhcp-management

[dhcp]
module = managers.isc

# tftpd:
# chooses the TFTP management engine if manage_tftpd is enabled
# in /etc/cobbler/settings.yaml, which is ON by default.
#
# choices:
#    managers.in_tftpd -- default, uses the system's tftp server
#    managers.tftpd_py -- uses cobbler's tftp server
#

[tftpd]
module = managers.in_tftpd

#-------------------------------------------------