Add support for HTTP basic auth to the kube-apiserver.

docs/authentication.md

@@ -1,6 +1,6 @@
 # Authentication Plugins
 
-Kubernetes uses tokens or client certificates to authenticate users for API calls.
+Kubernetes uses client certificates, tokens, or http basic auth to authenticate users for API calls.
 
 Client certificate authentication is enabled by passing the `--client_ca_file=SOMEFILE`
 option to apiserver. The referenced file must contain one or more certificates authorities
@@ -16,6 +16,16 @@ be short-lived, and to be generated as needed rather than stored in a file.
 The token file format is implemented in `plugin/pkg/auth/authenticator/token/tokenfile/...`
 and is a csv file with 3 columns: token, user name, user uid.
 
+Basic authentication is enabled by passing the `--basic_auth_file=SOMEFILE`
+option to apiserver. Currently, the basic auth credentials last indefinitely,
+and the password cannot be changed without restarting apiserver. Note that basic
+authentication is currently supported for convenience while we finish making the
+more secure modes described above easier to use.
+
+The basic auth file format is implemented in `plugin/pkg/auth/authenticator/password/passwordfile/...`
+and is a csv file with 3 columns: password, user name, user id.
+
+
 ## Plugin Development
 
 We plan for the Kubernetes API server to issue tokens