server-client security #117

Open
dsschult opened this issue Oct 12, 2017 · 0 comments

@dsschult
Collaborator

Secure the communication between the client and server by requiring an access key.

For convenience, use LDAP + JWT. Initially, a user must manually start the client to "register" with the server with their LDAP. A token then gets saved to the local filesystem, which is valid for 1 month and can be auto-revalidated every day.

If the glidein client has not talked with the server for more than a month, then a human must again "register".

Note that we can embed special fields into the JWT, such as site name or S3 key. Be sure to embed a uuid for the client, and keep a list of all uuids in the server to check for banning purposes.

Depends on #116.
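A sketch of the token lifecycle proposed above (one-month expiry, revalidation, embedded uuid checked against a server-side list), added here as an example and not taken from the project's code. It assumes the LDAP check has already succeeded before `register` is called, builds the HS256 JWT with the standard library rather than a JWT package, and the names `TokenServer`, `register`, `verify` and `revalidate` are hypothetical.

```python
import base64, hashlib, hmac, json, uuid

MONTH = 30 * 24 * 3600  # token lifetime from the issue: one month

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class TokenServer:
    """Hypothetical server side: issues HS256 JWTs, tracks client uuids."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.clients = {}  # uuid -> True if banned

    def _sign(self, claims: dict) -> str:
        head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        body = _b64(json.dumps(claims).encode())
        mac = hmac.new(self.secret, f"{head}.{body}".encode(), hashlib.sha256)
        return f"{head}.{body}.{_b64(mac.digest())}"

    def register(self, site: str, now: float) -> str:
        # Assumption: the caller has already authenticated the user via LDAP.
        client_id = str(uuid.uuid4())
        self.clients[client_id] = False
        return self._sign({"uuid": client_id, "site": site, "exp": now + MONTH})

    def verify(self, token: str, now: float) -> dict:
        try:
            head, body, sig = token.split(".")
            # The algorithm is fixed server-side; the header's "alg" is never trusted.
            good = hmac.new(self.secret, f"{head}.{body}".encode(), hashlib.sha256)
            if not hmac.compare_digest(_unb64(sig), good.digest()):
                raise ValueError("bad signature")
            claims = json.loads(_unb64(body))
        except (ValueError, TypeError) as err:
            raise PermissionError(f"invalid token: {err}")
        if claims["exp"] < now:
            raise PermissionError("expired: a human must register again")
        if self.clients.get(claims["uuid"], True):  # unknown uuid counts as banned
            raise PermissionError("client uuid unknown or banned")
        return claims

    def revalidate(self, token: str, now: float) -> str:
        claims = self.verify(token, now)  # only a still-valid token can be renewed
        return self._sign({**claims, "exp": now + MONTH})
```

Because `revalidate` goes through `verify`, banning a uuid also stops that client from renewing, and a client silent for more than a month holds only an expired token.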
