No documentation on certificates use #5

Closed
hallyn opened this issue Nov 6, 2014 · 1 comment · Fixed by #13
Comments

Contributor

hallyn commented Nov 6, 2014

There appears to be no guidance as to how certificates should be created, checked, and presented (how and when) to users.

@stgraber stgraber added Documentation Documentation needs updating Release critical labels Nov 6, 2014
@stgraber stgraber added this to the 0.1 milestone Nov 6, 2014
@stgraber stgraber self-assigned this Nov 6, 2014
Contributor

stgraber commented Nov 6, 2014

I'll write a short document under spec/ for that.

Basically the current thought is to support two setups:

  1. SSH style: lxd and lxc both generate their own certificates. On first connection to a server, the fingerprint is shown and the user is prompted about it. Then they proceed to password authentication (or not, if already trusted by the server) and their public key is added to the server's trust store.

  2. PKI style: certificates are generated centrally and manually added to the server and client, including a CA. All checks are performed against the CA, including certificate type checking and the CommonName field. If all checks out, the connection is allowed without user intervention; if something doesn't, the connection fails. The user would then be able to override the failing behaviour through environment or a similarly difficult path.
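
The PKI-style checks described in the comment above, as an added Go example (not LXD's code and not part of the original thread). It assumes "certificate type" means the X.509 extended key usage and that the CommonName must match exactly; `verifyPeer`, `issue`, `serverType`, `clientType` and the sample names are hypothetical, and the certificates are constructed in-process.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const serverType, clientType = x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth

// verifyPeer checks the chain to the CA and the certificate type, then the CommonName.
func verifyPeer(ca, peer *x509.Certificate, usage x509.ExtKeyUsage, wantCN string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := peer.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{usage}}); err != nil {
		return fmt.Errorf("CA or type check failed: %w", err)
	}
	if peer.Subject.CommonName != wantCN {
		return fmt.Errorf("CommonName %q, want %q", peer.Subject.CommonName, wantCN)
	}
	return nil
}

// issue builds a constructed test certificate; a nil parent yields a self-signed CA (usage ignored).
func issue(cn string, usage x509.ExtKeyUsage, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, kerr := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(time.Hour), ExtKeyUsage: []x509.ExtKeyUsage{usage}}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, t.ExtKeyUsage = true, true, x509.KeyUsageCertSign, nil
		parent, signer = t, key
	}
	der, cerr := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	cert, perr := x509.ParseCertificate(der)
	if kerr != nil || cerr != nil || perr != nil {
		panic(fmt.Sprint("issuing test certificate: ", kerr, cerr, perr))
	}
	return cert, key
}

func main() {
	ca, caKey := issue("constructed-ca", 0, nil, nil)
	srv, _ := issue("lxd.example", serverType, ca, caKey)
	fmt.Println("server cert as server:", verifyPeer(ca, srv, serverType, "lxd.example"))
	fmt.Println("server cert as client:", verifyPeer(ca, srv, clientType, "lxd.example"))
}
```

A certificate that chains to the CA but carries the wrong type or CommonName is rejected the same way as one from an unknown CA, with no prompt to the user.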
