Support multiple users in the UI #294

Closed
timbru opened this issue Jul 24, 2020 · 1 comment · Fixed by #368

timbru commented Jul 24, 2020

The UI login relies on the global 'admin' token.

This means that there is no way to differentiate between users:

  • they share credentials
  • they have the same full access
  • it is not clear from audit logs who did what

Work-around could be to enable some form of basic authentication on the proxy.

But, in time this should be improved. Ideas and operational requirements are welcome!

We will probably need to support multiple users, with their own passwords, and the ability to restrict access to specific CAs in krill (if more than one exists) based on the user. Preferably though without re-inventing the wheel. Maybe we can / should work with public openid providers? Like, use your github / google / $something account to login?

@timbru timbru created this issue from a note in Unsorted (security) Jul 24, 2020
@aistiszen

We've had good success combining Hydra (https://www.ory.sh/hydra/docs) for token management and Keto (https://www.ory.sh/keto) for ACLs/policy control.

@ximon18 ximon18 linked a pull request Jan 29, 2021 that will close this issue