Merge pull request #6190 from liggitt/client_cert_auth

Add client cert authentication
Robert Bailey
2015-04-01 14:11:29 -07:00
4 changed files with 137 additions and 13 deletions


@@ -1,8 +1,14 @@
# Authentication Plugins
Kubernetes uses tokens to authenticate users for API calls.
Kubernetes uses tokens or client certificates to authenticate users for API calls.
Authentication is enabled by passing the `--token_auth_file=SOMEFILE` option
Client certificate authentication is enabled by passing the `--client_ca_file=SOMEFILE`
option to apiserver. The referenced file must contain one or more certificates authorities
to use to validate client certificates presented to the apiserver. If a client certificate
is presented and verified, the common name of the subject is used as the user name for the
request.
Token authentication is enabled by passing the `--token_auth_file=SOMEFILE` option
to apiserver. Currently, tokens last indefinitely, and the token list cannot
be changed without restarting apiserver. We plan in the future for tokens to
be short-lived, and to be generated as needed rather than stored in a file.
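
Review bot: In the new client certificate paragraph, "certificates authorities" should read "certificate authorities", and the paragraph only covers the case where a certificate "is presented and verified" without saying what happens otherwise. Suggest stating whether a request with no certificate, or with one that fails validation against the `--client_ca_file` bundle, is rejected or falls through to token authentication, and which result wins when both a certificate and a token are supplied. Since the subject common name is used directly as the user name, it is also worth a sentence noting that every CA in the file can assert any user name through the certificates it signs, so the file should list only CAs whose issuance is controlled for this purpose.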