Add client cert authentication

Jordan Liggitt
2015-03-30 17:24:22 -04:00
parent 92b6f49b3c
commit c797a91e36
4 changed files with 137 additions and 13 deletions

@@ -1,8 +1,14 @@
# Authentication Plugins
Kubernetes uses tokens to authenticate users for API calls.
Kubernetes uses tokens or client certificates to authenticate users for API calls.
Authentication is enabled by passing the `--token_auth_file=SOMEFILE` option
Client certificate authentication is enabled by passing the `--client_ca_file=SOMEFILE`
option to apiserver. The referenced file must contain one or more certificates authorities
to use to validate client certificates presented to the apiserver. If a client certificate
is presented and verified, the common name of the subject is used as the user name for the
request.
Token authentication is enabled by passing the `--token_auth_file=SOMEFILE` option
to apiserver. Currently, tokens last indefinitely, and the token list cannot
be changed without restarting apiserver. We plan in the future for tokens to
be short-lived, and to be generated as needed rather than stored in a file.
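
Review bot: In the new client certificate paragraph, "certificates authorities" should read "certificate authorities", and the paragraph does not spell out the trust consequence of mapping the subject common name to the user name. Every CA listed in `--client_ca_file` can issue a certificate for any common name and therefore for any user, so the text should say the file must contain only CAs dedicated to issuing API client identities. It would also help to state the expected file format, what happens when a certificate is presented but fails verification (request rejected, or fall through to token authentication), and whether the CA file can change without restarting apiserver, in the same way the token paragraph states its own limits.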