Securing Web Interface


#1

Hi there,

I think I’ve gotten the hang of Chef the last few days, but I still have a
couple questions, if anyone minds answering.

I’ve managed to “secure” the admin with the
authorized_openid_identifiersconfig option, but the only thing it does
is not allow people to log in.
Everyone can still browse my servers attributes and cookbooks, and I’d
prefer not to let them.

I thought about using a basic http authentication configuring nginx (I’m
serving chef through passenger for nginx), but then (correct me if I’m
mistaken), the clients won’t be able to acces, and will need the password
aswell, will they? Am I missing something?

Managed to install the 0.6.3 version from github master (with a lot of
problems, but still), and I see it requires you to log in right away, so
that’s something I like. I could wait until the next release, but do you
guys have a tip for what can I do right now?

Thanks a lot!


Albert Llop


#2

We are releasing 0.7.0 today, which solves this. I’ll send the
release notes to the list when we are done.

Adam

Sent from my iPhone

On Jun 9, 2009, at 3:27 AM, Albert Llop mrsimo@gmail.com wrote:

Hi there,

I think I’ve gotten the hang of Chef the last few days, but I still
have a couple questions, if anyone minds answering.

I’ve managed to “secure” the admin with the
authorized_openid_identifiers config option, but the only thing it
does is not allow people to log in. Everyone can still browse my
servers attributes and cookbooks, and I’d prefer not to let them.

I thought about using a basic http authentication configuring nginx
(I’m serving chef through passenger for nginx), but then (correct me
if I’m mistaken), the clients won’t be able to acces, and will need
the password aswell, will they? Am I missing something?

Managed to install the 0.6.3 version from github master (with a lot
of problems, but still), and I see it requires you to log in right
away, so that’s something I like. I could wait until the next
release, but do you guys have a tip for what can I do right now?

Thanks a lot!


Albert Llop


#3

This indeed solved the problem :slight_smile: I thought the release was going to be a
while still, that’s why I interested myself in this.

By the way, very painless update, even with the amount of modifications i
did to my chef-repo.

Thanks a lot!

2009/6/9 Adam Jacob adam@opscode.com

We are releasing 0.7.0 today, which solves this. I’ll send the release
notes to the list when we are done.

Adam

Sent from my iPhone

On Jun 9, 2009, at 3:27 AM, Albert Llop mrsimo@gmail.com wrote:

Hi there,

I think I’ve gotten the hang of Chef the last few days, but I still have a
couple questions, if anyone minds answering.

I’ve managed to “secure” the admin with the authorized_openid_identifiers
config option, but the only thing it does is not allow people to log in.
Everyone can still browse my servers attributes and cookbooks, and I’d
prefer not to let them.

I thought about using a basic http authentication configuring nginx (I’m
serving chef through passenger for nginx), but then (correct me if I’m
mistaken), the clients won’t be able to acces, and will need the password
aswell, will they? Am I missing something?

Managed to install the 0.6.3 version from github master (with a lot of
problems, but still), and I see it requires you to log in right away, so
that’s something I like. I could wait until the next release, but do you
guys have a tip for what can I do right now?

Thanks a lot!


Albert Llop


Albert Llop