Authenticate via a PKI certificate.
Note: This module is experimental and should be used with caution.
Provides an authenticate function that will allow the caller to authenticate a user via their public cert against a pre-defined Certificate Authority.
TODO: Add a 'ca_dir' option to configure a directory of CA files, a la Apache.
depends:
salt.auth.pki.auth(pem, **kwargs)
Returns True if the given user cert was issued by the CA. Returns False otherwise.
pem: a PEM-encoded user public key (certificate)
Configure the CA cert in the master config file:
external_auth:
  pki:
    ca_file: /etc/pki/tls/ca_certs/trusted-ca.crt
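The "issued by the CA" decision described above, as an added example that is not Salt's own implementation: it uses the `cryptography` package (an assumption, not a dependency stated on this page) and shows the checks such a function needs, namely issuer name match, validity window and signature under the CA key. The names `issued_by_ca`, `make_cert` and `demo` are hypothetical, all certificates are constructed test data, and an EC CA key is assumed.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

UTC = datetime.timezone.utc

def _when(cert, field):
    # cryptography >= 42 has timezone-aware *_utc properties; older releases return naive UTC.
    aware = getattr(cert, field + "_utc", None)
    return aware or getattr(cert, field).replace(tzinfo=UTC)

def issued_by_ca(pem, ca_pem, now=None):
    """True only if pem names the CA as issuer, is inside its validity window and
    its signature verifies under the CA public key (EC CA key assumed)."""
    now = now or datetime.datetime.now(UTC)
    try:
        cert = x509.load_pem_x509_certificate(pem)
        ca = x509.load_pem_x509_certificate(ca_pem)
        if cert.issuer != ca.subject:
            return False
        if not _when(cert, "not_valid_before") <= now <= _when(cert, "not_valid_after"):
            return False
        ca.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                               ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except (ValueError, TypeError, InvalidSignature):
        return False  # unparsable input or a bad signature both fail closed

def make_cert(cn, key, issuer_cn, issuer_key, start_days=-1, end_days=30):
    """Constructed sample certificate for cn, signed by issuer_key (test data only)."""
    name = lambda s: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, s)])
    now = datetime.datetime.now(UTC)
    builder = (x509.CertificateBuilder().subject_name(name(cn)).issuer_name(name(issuer_cn))
               .public_key(key.public_key()).serial_number(x509.random_serial_number())
               .not_valid_before(now + datetime.timedelta(days=start_days))
               .not_valid_after(now + datetime.timedelta(days=end_days)))
    return builder.sign(issuer_key, hashes.SHA256()).public_bytes(serialization.Encoding.PEM)

def demo():
    ca_key, other_key, user_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    ca_pem = make_cert("Example Test CA", ca_key, "Example Test CA", ca_key)
    check = lambda *args: issued_by_ca(make_cert("alice", user_key, "Example Test CA", *args), ca_pem)
    return {"issued": check(ca_key), "wrong_signer": check(other_key),
            "expired": check(ca_key, -30, -2), "not_pem": issued_by_ca(b"junk", ca_pem)}
```

A certificate is public data, so a True result here shows only that the certificate chains to the CA, not that the caller holds the matching private key; revocation is also not checked.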