auth

command
v0.0.0-...-3e0f7d7 Latest
Warning

This package is not in the latest version of its module.

Published: Oct 24, 2017 License: AGPL-3.0 Imports: 7 Imported by: 0

README

Auth

Digota's authentication is based on private client CAs: we create a CA and sign every certificate we want to approve with that same CA.

What about revoking a certificate? The CRL approach here is a whitelist instead of a blacklist: just remove the client's serial from your config.

The easiest way to generate certificates is using certstrap.

Create CA

$ certstrap init --common-name "ca.company.com"
output:
Created out/ca.company.com.key
Created out/ca.company.com.crt
Created out/ca.company.com.crl

Create Server Certificate

$ certstrap request-cert --domain server.company.com
output:
Created out/server.company.com.key
Created out/server.company.com.csr

Create Client Certificate

$ certstrap request-cert --domain client.company.com
output:
Created out/client.company.com.key
Created out/client.company.com.csr

Sign Certificate

$ certstrap sign --CA "ca.company.com" client.company.com
output:
Created out/client.company.com.crt from out/client.company.com.csr signed by out/ca.company.com.key
Approve Certificate

Take the certificate serial

$ openssl x509 -in out/client.company.com.crt -noout -serial | grep -Po '(?<=serial=)\w+'
output:
A2FF9503829A3A0DDE9CB87191A472D4

Append the serial and scopes (WRITE, READ, WILDCARD) to your config

...
...
...
clients:
- serial: "A2FF9503829A3A0DDE9CB87191A472D4"
  scopes:
  - READ
  - WRITE
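
The serial whitelist described above, sketched as an added example (not Digota's own code): the server trusts only the private CA and then refuses any client whose serial is not listed, so deleting an entry revokes that certificate. `Whitelist`, `NewWhitelist`, `Allowed` and `ServerTLS` are hypothetical names, and treating WILDCARD as "every scope" is an assumption.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"strings"
)

// Whitelist maps a normalized serial to its scopes (hypothetical type, mirrors clients: in the config).
type Whitelist map[string][]string

// normalize: openssl prints uppercase hex; big.Int.Text(16) gives lowercase without leading zeros.
func normalize(s string) string {
	return strings.TrimLeft(strings.ToUpper(strings.TrimSpace(s)), "0")
}
func NewWhitelist(clients map[string][]string) Whitelist {
	w := Whitelist{}
	for serial, scopes := range clients {
		w[normalize(serial)] = scopes
	}
	return w
}

// Allowed checks the scope for a verified client certificate. Assumption: WILDCARD grants every scope.
func (w Whitelist) Allowed(c *x509.Certificate, scope string) bool {
	for _, s := range w[normalize(c.SerialNumber.Text(16))] {
		if s == scope || s == "WILDCARD" {
			return true
		}
	}
	return false
}

// ServerTLS trusts only the private CA and rejects unlisted serials on every connection, resumed ones included.
func ServerTLS(ca *x509.CertPool, w Whitelist) *tls.Config {
	return &tls.Config{ClientCAs: ca, ClientAuth: tls.RequireAndVerifyClientCert,
		VerifyConnection: func(cs tls.ConnectionState) error {
			if len(cs.PeerCertificates) == 0 || len(w[normalize(cs.PeerCertificates[0].SerialNumber.Text(16))]) == 0 {
				return errors.New("client serial not whitelisted")
			}
			return nil
		}}
}

func main() {
	w := NewWhitelist(map[string][]string{"A2FF9503829A3A0DDE9CB87191A472D4": {"READ", "WRITE"}})
	fmt.Println(len(w), ServerTLS(x509.NewCertPool(), w).ClientAuth)
}
```

The check sits in `VerifyConnection` rather than `VerifyPeerCertificate` because Go skips the latter on resumed sessions, which would let a removed serial keep connecting.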

Documentation

There is no documentation for this package.
