Cockpit 126 and 127
Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from versions 126 and 127.
Show security scan information about container images
Lars did work to show security scan information about container images. The displayed scans happen via the atomic scan tools and the data comes from the OpenSCAP system. Take a look at the video below.
Choose whether password is cached and reused on the login screen
The typical workflow for performing privileged tasks on a Linux system is to log in as a non-root user and then use sudo or Polkit to escalate privileges.
Stef did work to make Cockpit’s privilege escalation reflect this properly. Cockpit now has an option on the login screen to Reuse my password for privileged tasks. Checking this option automatically reuses the login password as necessary to escalate privileges. If you leave this box unchecked then Cockpit will behave exactly as a normal user login without special privileges.
In the future we’ll have a way to enable this option once logged in, and retype your password inside of the logged in session.
Here’s a video which shows how this works:
The remotectl command can now combine certificate and key files
Peter did work to make it easier to use TLS certificate and key files with Cockpit for port 9090. Normally the server certificate(s) and key need to be combined into a single file and placed into the /etc/cockpit/ws-certs.d directory. The remotectl command that comes with Cockpit can now be used to build such a combined file:
remotectl certificate server.pem chain.pem key.pem
Due to this, when Cockpit is deployed as an OpenShift Pod it can use certificates provided by OpenShift.
Cockpit respects /etc/shells
Martin fixed Cockpit so it only allows the user to log in if the user has a valid shell listed in /etc/shells. In addition bugs on Ubuntu and Debian have been fixed where users were created without valid shells.
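As an added example (not Cockpit's own code), this Python audit lists which accounts have a login shell that is missing from /etc/shells and would therefore be refused under the rule above. The passwd and shells contents are constructed samples, the function names are hypothetical, and it assumes that being listed in /etc/shells is the whole rule.

```python
# Added example: which accounts pass a valid-shell check against /etc/shells.
# Assumption: listing in /etc/shells is the whole rule; Cockpit's code is not shown.
# Both samples are constructed; on a real host read /etc/passwd and /etc/shells.
SAMPLE_SHELLS = """\
# /etc/shells: valid login shells
/bin/sh
/bin/bash
/usr/bin/zsh
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
admin:x:1000:1000:Admin:/home/admin:/usr/bin/zsh
svc-backup:x:998:998::/var/lib/backup:/usr/sbin/nologin
olduser:x:1001:1001::/home/olduser:/bin/false
noshell:x:1002:1002::/home/noshell:
"""


def parse_shells(text):
    """Return the set of listed shells, skipping comments and blank lines."""
    lines = (line.strip() for line in text.splitlines())
    return {line for line in lines if line and not line.startswith("#")}


def audit_passwd(passwd_text, shells_text):
    """Map each account name to (effective_shell, listed_in_shells)."""
    valid = parse_shells(shells_text)
    result = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # blank or malformed entry: skip rather than guess
        # passwd(5): an empty shell field defaults to /bin/sh
        shell = fields[6] or "/bin/sh"
        result[fields[0]] = (shell, shell in valid)
    return result


def rejected_accounts(passwd_text, shells_text):
    """Sorted names of accounts whose shell is not listed in /etc/shells."""
    audit = audit_passwd(passwd_text, shells_text)
    return sorted(name for name, (_, listed) in audit.items() if not listed)


if __name__ == "__main__":
    for name, (shell, listed) in audit_passwd(SAMPLE_PASSWD, SAMPLE_SHELLS).items():
        print(f"{name:12} {shell:20} {'listed' if listed else 'NOT listed'}")
```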
Allow renaming of active devices in networking interface
You can now rename network devices like bonds or bridges while they’re active. The change will apply immediately and without any interruption in service.
Rename cockpit-shell to cockpit-system
The cockpit-shell subpackage has been renamed to cockpit-system to better reflect its focus: configuring and troubleshooting the local system.
Kerberos authentication now works even if gss-proxy is in use
Sometimes Kerberos (or GSSAPI) single-sign-on authentication requires multiple round trips to the server. Cockpit now supports this properly, and the end result is that SSO works even when fancy things like GSS-Proxy are in use.
Try it out
Cockpit 127 is available now: