ptgott changed the title from "[v.12.x] /docs/pages/management/guides/teleport-operator.mdx" to "Document support for local users in the Kubernetes Operator" on Mar 17, 2023
The operator does support creating local users. It seems the confusion came from the decorrelation between user creation and the initial password reset token creation.
When you do tctl users add, it first creates a user, then creates a reset token for this user. The operator ensures the user exists and has the correct properties. It does not create the temporary reset token.
Password resets are a one-time thing; this conflicts with the stateless operator pattern, and the operator has no easy way to securely send back the token to the user. If you want to achieve a fully automated and secure password reset flow, you need to write glue code that will validate the user identity from a trusted source (Slack, email, ...) and execute a password reset on their behalf. This can be done through tctl users reset or by calling the API with api/client.GetResetPasswordToken.
Thank you for the report, I will make sure the documentation explicitly mentions the operator doesn't reset the user password.
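One way to write the glue code described in the comment above, as an added example that is not part of the original thread or of the Teleport project. DIRECTORY, issue_reset and ResetDenied are hypothetical names, and it assumes tctl is on PATH with credentials that are allowed to reset users.

```python
import re
import subprocess

# Constructed sample mapping: Teleport local user -> address already verified
# by the trusted source (in practice, loaded from your IdP or HR directory).
DIRECTORY = {"alice": "alice@example.com", "bob": "bob@example.com"}

# Must start with an alphanumeric character, so a name can never look like a flag.
USERNAME_RE = re.compile(r"[a-z0-9][a-z0-9._-]{0,62}")


class ResetDenied(Exception):
    """Raised when the request does not pass the identity checks."""


def issue_reset(verified_email, teleport_user, directory=DIRECTORY,
                ttl="1h", run=subprocess.run):
    """Run `tctl users reset` only for the user bound to verified_email.

    verified_email must come from the trusted source itself (for example the
    authenticated sender of a Slack or email event), never from free text
    typed by the requester. Returns tctl's output, which contains the
    one-time reset link, so the caller can deliver it over that same channel.
    Treat the return value as a secret: do not log it.
    """
    # Reject names that could be parsed as flags or hide odd characters.
    if not USERNAME_RE.fullmatch(teleport_user):
        raise ResetDenied("invalid Teleport user name")
    expected = directory.get(teleport_user)
    # A requester may only reset the account mapped to their own identity.
    if expected is None or expected.lower() != verified_email.strip().lower():
        raise ResetDenied("verified identity does not own this user")
    # Argument list, no shell: the user name is never interpreted by a shell.
    # A short TTL limits how long an undelivered link stays usable.
    result = run(["tctl", "users", "reset", f"--ttl={ttl}", teleport_user],
                 capture_output=True, text=True, check=True, timeout=30)
    return result.stdout.strip()
```

The run parameter exists so the tctl call can be replaced with a stub when testing the checks without a Teleport cluster.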
Applies To
Details
Docs describe HOW to create Users and Roles. However, usually there is a URL for a user to create a password. Cannot see any way to find this.
Related Issues