Authentication/openid


#1

What’s the intended way to restrict access to the server and web ui? For
the web ui it looks like you need to run your own openid provider and set it
as an approved provider. For chef clients it looks like it’s ssl client
certs. Is that correct?

Chris


#2

Ok so it looks like chef serves as an openid server also. So just register
with chef-client, make the node an admin, and login to the web ui with
that? Is that correct?

On Sun, Apr 19, 2009 at 11:56 PM, snacktime snacktime@gmail.com wrote:

What’s the intended way to restrict access to the server and web ui? For
the web ui it looks like you need to run your own openid provider and set it
as an approved provider. For chef clients it looks like it’s ssl client
certs. Is that correct?

Chris


#3

The chef server has an OpenID provider for authentication of clients.
You cannot currently use it to authenticate to the webUI.

An OpenID relying party is used for logging into the web UI, and in
0.6 (master) you can limit specific OpenID identifiers and specific
relying parties.

Regards,

AJ

On 20/04/2009, at 7:15 PM, snacktime wrote:

Ok so it looks like chef serves as an openid server also. So just
register with chef-client, make the node an admin, and login to the
web ui with that? Is that correct?

On Sun, Apr 19, 2009 at 11:56 PM, snacktime snacktime@gmail.com
wrote:
What’s the intended way to restrict access to the server and web
ui? For the web ui it looks like you need to run your own openid
provider and set it as an approved provider. For chef clients it
looks like it’s ssl client certs. Is that correct?

Chris