-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support client tokens for authentication #343
Comments
I think I understand what you mean partly: The process to generate certificates will let the user download the pfx file and import that to the browser. Adding the cert to the trust store will happen via the http API - directly from the browser. To allow that, we let users authenticate once (for the post to What I don't understand is reuse of an existing certificate for another server. We need to share the certificate from one lxd-ui instance to another one. We need the certificate on a new instance for the post to |
Fixed with #374 |
The current TLS support is nice, but it has the downside of pushing users towards generating one client certificate per LXD server.
This then gets them into the annoying authentication flow of having to figure out which certificate to select in their browser.
Instead it may be interesting to support LXD's token based authentication where the user would basically:
lxc config trust add --name some-name
on the LXD serverIn this scenario, the user never needs to pass a .crt to the server and they can also rely on a single certificate per browser instead of per server.
The text was updated successfully, but these errors were encountered: