This repository has been archived by the owner on Nov 21, 2022. It is now read-only.
Minor Editorial and Configation changes #13
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
linux-modder
commented
Jan 1, 2018
linux-modder
commented
- Variable Config file extension for placeholder of deployment creds
- Added stub tests for keyserver, namely for read/submit validation
- Minor edits to reflect transposed edits from old gitlab repo (now deprecated)
- Added notes to README.md reflecting credentials use and hardening
- Added Gitlab Deprecation notice to README.md
added 3 commits
January 1, 2018 01:35
Signed-off-by: Corey 'linuxmodder' Sheldon <[email protected]>
Added a set of stub tests fro the application server -- Logic and dependencies still need to be worked out. Made modifications as with the old interface to index.html.tera Signed-off-by: Corey 'linuxmodder' Sheldon <[email protected]> On branch linuxmodder-GPG Changes to be committed: new file: auth_keys_from_cas modified: docker-compose.yml modified: src/tests.rs modified: templates/index.html.tera
…n notice. ``` Presently (Jan 2018) config.yml and docker-compose.yml use hard-coded user:password credentials, in real world deployment this should use some abstraction layer. Examples of secure mechanisms for this would be docker_login or some external call to a AS in your infrastructure ((open)ldap,krb5,saml) that would be defined in an auth or environment variable. As an example there is a stub file ( `auth_keys_from_cas` ) in this repo that could be used as a file that would have the hashed/encrypted values for tokens/user:pass entries for all auth'd users. Example deployment using such a file: * User authenticates to local domain/AS server * Server passes (over secure channel communication (DTLS or other secure channel within organization's policies) to this file not much unlike a journal write of a auth attempt for admin/sudo rights. * Config.yml calls this file to populate auth'd hosts/users and timeout periods of said tokens (if used), to populate it's auth'd user db or update it on some on-demand or periodic schedule. ``` ``` ********************** DEPRECATION of Gitlab repo: Effective Jan 1, 2018, ALL references to the gitlab will be phased out, as that repo has been deprecated, largely for better workflow and greater contributor intake here on Github. ********************** ``` Signed-off-by: Corey 'linuxmodder' Sheldon <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.