-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Configure custom PIV slot for hardware key support #31732
Conversation
5e73ce0
to
1c50d89
Compare
9c2adad
to
f2ac3e0
Compare
tsh --piv-slot
f2ac3e0
to
3504aa1
Compare
582b9cf
to
7aeaa0d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't manage to get through the whole PR today, I'll continue the review tomorrow.
Thanks Rafael, this PR grew larger than I intended. I'll try splitting it up into 1 or 2 more PRs for easier review. |
e41df61
to
b6cbf9b
Compare
4b9a235
to
8060194
Compare
3c36c37
to
a3a1509
Compare
97d3f06
to
550cf20
Compare
f660dbc
to
bdccdc6
Compare
bece00f
to
f8b0b73
Compare
* Update RFD. * Add custom PIV slot logic. * Add custom piv slot to cluster auth preference. * Fix error handling of parsing private key policy errors. * Add new PIVSlot string type.
* Update RFD. * Add custom PIV slot logic. * Add custom piv slot to cluster auth preference. * Fix error handling of parsing private key policy errors. * Add new PIVSlot string type.
Add support for configuring a custom PIV slot for hardware key support through client or server settings:
tsh --piv-slot=9d
orTELEPORT_PIV_SLOT=9d tsh
teleport.auth_service.authentication.piv_slot: 9a
cluster_auth_preference.piv_slot: 9a
Other changes:
e PR: https://github.com/gravitational/teleport.e/pull/2191
Follow up PR: #32275