How to configure security provider on chef server


#1

Hi,

I’m new to chef. I want to ask you if it’s possible to configure different
security provider on chef server and if so, how to do it.

Thanks

 Pat

Freehosting PIPNI - http://www.pipni.cz/


#2

I’m guessing you mean for user authentication? Enterprise Chef supports LDAP for user authentication in the Web UI, but FOSS Chef does not. More to the point, user authentication only matters in the Web UI and that is deprecated in FOSS Chef anyway and should be disabled.

–Noah

On Jun 25, 2014, at 2:00 AM, “pat” pat@xvalheru.org wrote:

Hi,

I’m new to chef. I want to ask you if it’s possible to configure different
security provider on chef server and if so, how to do it.

Thanks

Pat

Freehosting PIPNI - http://www.pipni.cz/


#3

Sorry I forget to mention, that this is about FIPS (US government security
standard), so it’s not about user authentication but about communication.

Thanks

 Pat

On Wed, 25 Jun 2014 02:50:45 -0700, Noah Kantrowitz wrote

I’m guessing you mean for user authentication? Enterprise Chef
supports LDAP for user authentication in the Web UI, but FOSS Chef
does not. More to the point, user authentication only matters in the
Web UI and that is deprecated in FOSS Chef anyway and should be disabled.

–Noah

On Jun 25, 2014, at 2:00 AM, “pat” pat@xvalheru.org wrote:

Hi,

I’m new to chef. I want to ask you if it’s possible to configure different
security provider on chef server and if so, how to do it.

Thanks

Pat

Freehosting PIPNI - http://www.pipni.cz/


Freehosting PIPNI - http://www.pipni.cz/


#4

Erlang and Ruby both use OpenSSL, so you’ll have to recompile both with a FIPS-enabled OpenSSL library. Look at the omnibus-chef and omnibus-chef-server projects to see how to build those packages, and replace the OpenSSL build instructions with whatever you need to do for FIPS stuff. It is worth noting that both major OpenSSL replacement projects are dropping FIPS mode, so you shouldn’t assume this will be available permanently.

–Noah

On Jun 25, 2014, at 3:26 AM, “pat” pat@xvalheru.org wrote:

Sorry I forget to mention, that this is about FIPS (US government security
standard), so it’s not about user authentication but about communication.

Thanks

Pat

On Wed, 25 Jun 2014 02:50:45 -0700, Noah Kantrowitz wrote

I’m guessing you mean for user authentication? Enterprise Chef
supports LDAP for user authentication in the Web UI, but FOSS Chef
does not. More to the point, user authentication only matters in the
Web UI and that is deprecated in FOSS Chef anyway and should be disabled.

–Noah

On Jun 25, 2014, at 2:00 AM, “pat” pat@xvalheru.org wrote:

Hi,

I’m new to chef. I want to ask you if it’s possible to configure different
security provider on chef server and if so, how to do it.

Thanks

Pat


Freehosting PIPNI - http://www.pipni.cz/


Freehosting PIPNI - http://www.pipni.cz/


#5

Thanks a lot for recommendation.

 Pat

On Wed, 25 Jun 2014 03:31:35 -0700, Noah Kantrowitz wrote

Erlang and Ruby both use OpenSSL, so you’ll have to recompile both
with a FIPS-enabled OpenSSL library. Look at the omnibus-chef and
omnibus-chef-server projects to see how to build those packages, and
replace the OpenSSL build instructions with whatever you need to do
for FIPS stuff. It is worth noting that both major OpenSSL
replacement projects are dropping FIPS mode, so you shouldn’t assume
this will be available permanently.

–Noah

On Jun 25, 2014, at 3:26 AM, “pat” pat@xvalheru.org wrote:

Sorry I forget to mention, that this is about FIPS (US government security
standard), so it’s not about user authentication but about communication.

Thanks

Pat

On Wed, 25 Jun 2014 02:50:45 -0700, Noah Kantrowitz wrote

I’m guessing you mean for user authentication? Enterprise Chef
supports LDAP for user authentication in the Web UI, but FOSS Chef
does not. More to the point, user authentication only matters in the
Web UI and that is deprecated in FOSS Chef anyway and should be disabled.

–Noah

On Jun 25, 2014, at 2:00 AM, “pat” pat@xvalheru.org wrote:

Hi,

I’m new to chef. I want to ask you if it’s possible to configure different
security provider on chef server and if so, how to do it.

Thanks

Pat


Freehosting PIPNI - http://www.pipni.cz/


Freehosting PIPNI - http://www.pipni.cz/


Freehosting PIPNI - http://www.pipni.cz/