pkgctl-auth

Authenticate pkgctl with the GitLab instance

$ pkgctl auth login

$ pkgctl auth status

pkgctl auth subcommand [options]
pkgctl auth login [--username user] [--password-file file]
pkgctl auth logout
pkgctl auth status

login
    subcommand. Authenticates the user with configured services or repositories. This typically prompts for credentials interactively if not provided via options or environment variables, then securely stores authentication tokens.

--username
    option for login. Specifies the username for non-interactive authentication. Should be used with --password-file or in an environment where the password can be provided.

--password-file
    option for login. Provides the password from a specified file for non-interactive authentication. The file should contain only the password and have restrictive permissions (e.g., 0600).

logout
    subcommand. Deauthenticates the user by removing stored credentials or tokens for all configured services, requiring re-login for future authenticated operations.

status
    subcommand. Displays the current authentication status for all configured services, indicating whether the user is logged in and, in some cases, the expiry of tokens.

pkgctl-auth refers to the authentication capabilities within the pkgctl package management utility, primarily accessed via the pkgctl auth subcommand. This functionality allows users to securely log in, log out, and check their authentication status with various package repositories and services that require credentials, such as Red Hat Subscription Management or private enterprise repositories.

It handles the secure storage and retrieval of authentication tokens or credentials, ensuring that pkgctl can access authorized resources. Unlike many traditional Linux commands, pkgctl-auth is not a standalone executable but an integral part of the pkgctl command suite, focusing on providing a streamlined and secure authentication workflow for package operations. It integrates with system credential stores where available, enhancing security and user convenience.

Security: When using --password-file, ensure the file has restrictive permissions (e.g., 0600) to prevent unauthorized access to credentials. Avoid using this option in shared environments if possible.
Integration: pkgctl-auth relies on the proper configuration of pkgctl services and repositories. If services are not correctly set up, authentication attempts may fail.
Non-Standalone: This command refers to a sub-component of pkgctl. There is no direct pkgctl-auth executable; functionality is accessed via pkgctl auth.

pkgctl-auth attempts to integrate with secure system credential stores (e.g., keyring services) where available, to store authentication tokens and sensitive data more securely than plain text files. This enhances overall system security.

The exact authentication flow and requirements can vary depending on the service being authenticated against. For instance, authenticating with Red Hat Subscription Management uses different mechanisms than a simple username/password for an HTTP basic authentication protected repository.

pkgctl is part of the DNF5 project, intended as a modern, high-level command-line interface for RPM-based package management. Its development aims to unify and simplify package operations. The auth subcommand, which pkgctl-auth refers to, was introduced as an essential component to handle authentication for commercial or private repositories, a common requirement in enterprise environments. It provides a more structured and secure way to manage credentials compared to ad-hoc methods.

pkgctl(8), dnf(8), subscription-manager(8), secrets(7)