This repository has been archived by the owner on Oct 28, 2022. It is now read-only.
don't require username when certificate based authentication is used #641
Comments
|
Agree, it makes sense to not require a username/password when running a command. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Some servers can extract usernames from certificates. This may be as simple as extracting the common name but here is also the SPIFFE-ID which was made specifically for this purpose.
Enforcing that the user provides a username through metadata when using certificate based authentication leaves it up to the server to decide which one it should use, with some servers returning an error due to this ambiguous behaviour.
The text was updated successfully, but these errors were encountered: