From: Martin Pitt Date: Tue, 7 Jan 2020 15:53:41 +0000 (+0100) Subject: Add initial drawings X-Git-Url: https://piware.de/gitweb/?a=commitdiff_plain;h=e6dd14a926ac5a636b0f7ca6c91335250101fd74;p=talk-cockpit-auth-anywhere.git Add initial drawings Made with https://www.draw.io/ and https://www.websequencediagrams.com/ --- e6dd14a926ac5a636b0f7ca6c91335250101fd74 diff --git a/bastion-host.drawio b/bastion-host.drawio new file mode 100644 index 0000000..5b44905 --- /dev/null +++ b/bastion-host.drawio @@ -0,0 +1 @@ +5Vpbc5s4FP41eQyDENfHJG67D5uZzqSzu3nKEFCwphixgGOnv34lkAy6OGAXtm6bZBx0dD/n0znnE76Cd5v9pyou1/ckRfmVY6f7K7i6cpwQQPrJBG+dwGMlJsgqnHYi0Ase8DfEhTaXbnGKaqlhQ0je4FIWJqQoUNJIsriqyE5u9kJyedYyzpAmeEjiXJf+jdNmzbfl2b38D4SztZgZ2LxmE4vGXFCv45TsBiL44QreVYQ03dNmf4dypjuhl67fxyO1h4VVqGimdFiBe0iCb39V3pdstXu07+8fi2s+ymucb/mG+WKbN6GBuC47xb7gPaJj3ZaowhvUoIrK6BTUEuhzL7pdN5uc1gD6GOc4K+hzQpfY1h10YNNCGtdrNmBbqMs4wUX2hZRUAKkAb1rLiP8rvMno3nL8TD/jpMGv6CnFFV0Zqd5YRVw2pHxKckznsurXjHbVNSS2i6oG7QcirrFPiNBdsPFsXgvtwPK6ThzAjm9BjuldDwiXN1oPsCAwEnMIZofReyvRB26oE4zmjhuN26VTecmESU62zHq7NW7QA9U2E+7omZVNNoPOnMCWNBbZmrqAOBRDfYVL6SuaoK8ivWHeolVUXNc4kdWC9rj5h0GVoqErPQ5qVnuO4rbwJgoFXXzXyXc8IXhsBY4o9l3bktR3cKpa4VHb1GRbJWj8mDdxlaFmHFkolZyibumBKT2DJYWsQnnMTqrslQ3m5TN8Jpju7AAkV8YRBApAum3zTkPPp4wTyeM4vjJOpxZtnBZrh02fDz8wwclOx18YDBHY4/EIBmlBhVGPSxmT3ggmz4efOxF+/kXBz5kJfp4yEHD/X/yJ6d/DX1aRbTnd9x/yrfhZjGCbTSXiqHIGYWRF0o8WIiA0WNbxfcvxFgoT/riaqJaKtM1ZwDmh9H3zTA+whoDqG7R1yEVnVxUcV9XPkTZmqKBrSJ5qVFH9H80bZzIcdCwfAi8IIzeAfug6sl+wLduGfv/ramZ2PYt1A7bntANFhrQzBNZgBtp0IQwAzwACP6eruH0hrf/r0eD/uyWi4rpuSd4NbQC8ct9X0qeM/U9I8rXEzTWlbnw8ur5uyK6BhjWq/kaGUN1U5Cu6IzlhcCtIwTDxgvNcEWlQY8bElP7d8IoNTlM2jfGw9+7AHB9ngo3qO4HiO3U6EkSWcNSSQ/At8E4Y/D5SYoLDcqxkNleq5IbACkNdnQbn6vY8cH5dmkJRdxRS/Hr+yZrnfNb1+ujBPIjbdf6ex5WyW+XOAIaWPTywOsJM9wdgKc/tBhOO6kRCIp4nkZGeENuBzD3cefjwuxYcZ8lc4eM0mTe8EKICIurubQ1eIq0IzuQt6j2OG9D8ZPCjrHNpFuNcsk9cNw27kL5h22Z/v6J7PP3yFCjE1zk4xqHrMzGXw63r/NRlwu3pd9K8kxXlh8pJMxC80KSmxa5M4YRsTsbL8loKHGi5kYwoGlkDX1eW6XpZvfWbT1cTLg5+KTZ8Or4jhfiqccWNBrzXM/iIC+K90JQ9zZRXpz874z39UHu+pSQsnmu5OgQ8aNmOwQUuSWlNF6fDlEPosrdljl6apXIMcS/yXGGWd/7gHKPd6Q9HjxNqIcE3BE9giAdwqXggrvWOwUY2FFYFz/Oi5k+S4YLWPiBK4kgxDhttfirTFvm7pLCBrQPMlJ2Z2J2zGMCmfAFg2Rfa8uvsEfJ+1A6jjFzE2lFGDi+LkavXijDQCM1kFu4pQznaUAszb88UBk+F25F3zs7YS+c5X3yfj0N36s2QYJcXgkOgvjpQCeNkFKrfxVCj59kYpMX+O3Bd8/6LhPDDfw== \ No newline at end of file diff --git a/bastion-host.pdf b/bastion-host.pdf new file mode 100644 index 0000000..96af53a Binary files /dev/null and b/bastion-host.pdf differ diff --git a/cert-auth.png b/cert-auth.png new file mode 100644 index 0000000..1d6ba46 Binary files /dev/null and b/cert-auth.png differ diff --git a/cert-auth.websequence b/cert-auth.websequence new file mode 100644 index 0000000..cf335f7 --- /dev/null +++ b/cert-auth.websequence @@ -0,0 +1,15 @@ +title Cockpit Certificate Authentication + +Browser -> cockpit-ws: TLS handshake\nwith client cert + +cockpit-ws -> cockpit-session: auth mode "tls-cert" + +cockpit-session -> libpam-cockpit-cert: start PAM session +note left of libpam-cockpit-cert: no user known yet + +libpam-cockpit-cert -> cockpit-ws: query certificate +libpam-cockpit-cert -> sssd: map certificate +sssd -> libpam-cockpit-cert: user name\n(or failure) +libpam-cockpit-cert -> cockpit-session: set PAM user name,\nstart session +note left of cockpit-session: start cockpit-bridge +cockpit-session -> cockpit-ws: success diff --git a/ssh-session.drawio b/ssh-session.drawio new file mode 100644 index 0000000..3e5146f --- /dev/null +++ b/ssh-session.drawio @@ -0,0 +1 @@ +7Vvbcpw4EP0aP5pCEtdHx052H9ZVqXJqd/3kwiAzqjAjFrA9ztevBGhAFwY8hhknsZOyoRFCdB91n1aLM3S53v5RRPnqmiY4O4N2sj1DV2cQBgCx31zw0ghcfsYFaUGSRgQ6wQ35gVuh3UofSYJLqWFFaVaRXBbGdLPBcSXJoqKgz3KzB5rJT82jFGuCmzjKdOk/JKlW7Wu5dif/E5N0JZ4M7PbKOhKNW0G5ihL63BOhz2fosqC0ao7W20uccd0JvTT3fRm4uhtYgTfVlBuuwDWi/o+/C/dbevV8a19f327O216eouyxfeF2sNWL0EBU5o1iH8gWs74+5bgga1zhgsnYI5gl8NdO9GlVrTN2BbDDKCPphh3HbIj1tZ0ObHaSROWKd1iflHkUk036jeZMgJiArGvLiL9XZJ2yd8vIPfsdxRV5wncJKdjIaPHCL0R5RfO7OCPsWVb5lLJb23fDRYW3g0oDO1MwCGPK3oL3Z7c3INu33OamFsDQs1CL6ecOEE7baNXDgsBI1EIw3fXeWYkdtIZ6hdGccaO1dmlUnnNhnNFHbr3nFanwDdM2Fz6zOSubbAadQd+WNBbamrqAmBR9fQVL6SucoK9NcsG9Ra2oqCxJLKsFb0n1L4cqQ0Nzdtu7crVtUVyfvIiTDRt8c5MHXSG4rQVQnHa31mfSvb1ZVQubUeNE81iKZdib0ccixuPzvoqKFFdjUNMt3TOla7CkkBU4i/hMlb2ywbztE75Swl5kByRHxhECCkCat2xv6ns+pZ9Q7gd6Sj+NFrR+aqztXvpw+IEJTnY6/gK/j8AOjwMYZCcqjDpcyph0RzA5I/ycifDzTgk/OBP8XKUj4BwXf+Lx+/CXFvQxH/T9LbmK7kXzHfuZHEeVOYhCK5R+tBCBkMGy0PMs6C4UJrxxNTEtbZKas4CZQukeiw0HWD2gQqO2VMTOpio0AVKdruwT6grYjuUBef4BFpB1CmfkJF5oIX8pJY7r8Ofg3inesDHEdyUumAVfQ74PsSiCzHrA9YPQ8ZEXOFA2LjOYJ/3TDO24Fr8N2C6sOwoN3D0AVu8JrOlCGACuAQRexkbx6YHWQaRDg/ffIxUXzss6U75gDYCbb7uL7Cjlf2Maf89Jdc7y37Y/Nr6my6aBhjVmp0qGUFkV9Du+pBnlcNvQDcfEA8kyRaRBjVudsBz6or2wJknCH2P0ArKfWM4RQDmP404AatjwQ0s8sA8H4FlgD394GwRMcacxWUKe3o6AEjM6STc9GNTd/p4oCFzLDSUceOZg4AaWjQxAYO4lWAoIwXhAWDhPlbPUt+cDe/noeJLaztjRNAGcNE8AoWtJsUKOSD6LV6AfkeT+p2YRwJP9lwcsu/+jDHsgp2DgiV56zXLeoNSgO0fW64+4NeEvOs+V4YdK92PzxsP7gnDADsXEI/nI+k3fp4fk7NiXXSRLWI0+EhjmFFiQMMMPB2mmDqMOEg3Y/DgO8nyXiIrs3+nI1wF+0HKCnuNT+D/ndaBbVxBQPtZaywiZk/0MUQX38zq9v2hKGPGzbzQKOOD1tOczmTbI35tBhtw9DsMPcleph2WJWpqWaharFZkSTNVnLlosOmiFy5MdRuhYfaUatOoblOp0pbr59bpQ1jbPxC/L1akpzruexJyUK8sBAFjQ6y1IBxrETDVesNTCkGOiz6/lOh1vQbvzptYTjFAXY/1RcCfBlqYUoBbnQG4wkQM15jsZBwJqNVOtAk0lQOdqOTNUOnp16jdQ/lISTuBL+0vYQdPjrPzJNVH8o2SNzjv1o+85VVQ2egARtfuFKfOC6mJ8RwxhnhwRHpIkyp52hqr6G5NEf6KDbObe6RykWm8/2EH6x3GQQKwEH9NBCji/T965qiq+L/OCK4H//00o6MjeB2X1A8Ad+eyzS9Ni2m7z4fzF5wmbCOff7bBfUb5CkRw9nIDApKbFdg6iCdnz/PscRrQUIMtRFmhRYPmerizjjobFdDVh/8yvvp9hxHKusnVBRrvPzNqrE7kGH/GOdi6g4frOm9cukl9wz8J+aATAs0KZTriO5egQcJEllhyPtUHBMVHqj0reUdOzsZAQaCHBkIsZC3ZoqXggNmZ9lEJ+fvfkezrATOzsuKWNKd/B/Fzl4Kn759HUnB6ddNFTLeMgX0topib1ahKFoNbVwqVdd46VpYFFIji2StTh1IPy9x9wP1YN33/MiENn6g4tdNIPiXb9CPCoCeNkFNpKR2r0PBiD7LT7FLRp3n1Piz7/Dw== \ No newline at end of file diff --git a/ssh-session.pdf b/ssh-session.pdf new file mode 100644 index 0000000..2f80c10 Binary files /dev/null and b/ssh-session.pdf differ diff --git a/ws-session.drawio b/ws-session.drawio new file mode 100644 index 0000000..3aaa019 --- /dev/null +++ b/ws-session.drawio @@ -0,0 +1 @@ +7VrbcqM4EP0aP5pC4mYekziz+zCpSlWmdidPKQwyVgUQC/Il8/XbAnERkGAnJp7ZWTsVo0ZqSd1H3acpZsZNfPgj89LNHQtINMN6cJgZyxnGyMR4Jv704KWUYB2ZpSTMaCB7NYIH+oNIoS6lWxqQXOnIGYs4TVWhz5KE+FyReVnG9mq3NYvUWVMvJD3Bg+9FfenfNOCbUrqw9Eb+J6HhppoZ6fJO7FWdpSDfeAHbt0TG7cy4yRjj5VV8uCGRsF5ll3Lcl1fu1gvLSMKPGbBEdwZzfvyVWd/C5f5Rv7t7TOZSy86LtnLDcrH8pbKAl6elYdf0QEDXdUoyGhNOMpDBFOAJct+Irjc8juAOgksvomEC1z4ssbhX20CHRuDlG6GwaOSp59Mk/MZSEBggoHHhmep3SeMQ9hbRFfz3fE535CmgGayMZS/ihpdylj75EYW5tHwXwlC5N5JxcnjVaKh2BYCYMNiF0KdXA1zpPYlfWzb3DRZMqxRtWjCo4OFJ9IW14sZBcCF9dIK/8Li/2JZHNCE39YEQ5l2zhN+wiGVFHwO+X8Ss12HmBcJi1b2EJcLoaxpFQ91znrFn0ums+FFYm8Lx+eqtSHTPcsopExBYMc5Z3OpwJbHBhcf7SGmhSKxdBgaEq7bcr5iyD1BGhZbbHSjLpRJAXioGxIdQRCrN2+emFrMVjYgEzTSAQXgAMaiPGGcxEWLMccTIQ9yykh+xrbDkfkM5eYCjKYR7MJzqmTPYqz4q0l4u1qyewWojti22mOqMuUdYLAmuRHIpTOXlOfVVw5AD5d9b148CqppjyebyIKFbNF6qRgKr/170xFbVfuy0m6FFSxnbisKFsFw2CXoZruMc2BrbZj4ZzxPcy0LCx9DWd3bLl9aAKytZRiJPRHY1iw/4V85wLw56C0sqlAzUQUi5SzmonSk7ehxVTx30Kz2lFXp6CrDVm34//qplfwiADZaQoWLJcS6MJfw/lj4PS0cQvGODma4t6ghWQmkknkGjC6MGlyoox+LbGeFnHgk/+78AP6ujCJmfiz98RCwLM7ZNX6USsrDzVlX3uvI6lmKYumqDua7Zht76mHaPcdQGb/sW27bIxNOwDnvcUGCnJCiYNjoTN3vDZ28ivw5jn2YeY9w8v0ahGpIE1uA/5SQD55xSqZ7kLKnGwIB1ZDkL13QMe2FiNRq4mmEr395BMC1NDEO6hQtF7kC1u0BaawboOhEGkDUAAjvisiZU0GD/s2XVjXleVI9X0AFZ6aG5CVeh+PWZ/5xSPt/nlT5YX6my7NDDGviJqxAaLI3bdbQU9aDWLYhjGgRimsED3oQAfUrYIB14oqtiBaImbkdN1MMKwo5WQaiND2Rr6I0M+DFMDMXN0ocB3X0cEjkBQsQSWNv91V0LHYXy3xMcC0uzVGzYujYQOpC10PQhOEDUmeppB1qM54kTaie1DB+rm2qe3GbJFYMe5sizcV77Jq8aL9xlzBylu+iifBe5lqakEDVROZDGUDtRqfqPZcNzbCOtymTFbKYyDcysIcvV6686zdRc+YhHdSOkr0eBJs4QrXTQYRZFuuiHBGMAQrXw/NHAGUkOVbxt4n9E1ryfDc5LM1YZFQf+NaoxnGPOsYD4ef06w7mcXZbz620uSj0visbWN2yWS6waGP6OZoUC8Cvhv8zCNU07ca1n5zfF9n5OdoN0V7N1t/nYamBzrMHANvS8YLK4hs/Bct7BVt7LjKZnOfaRLAdf9KHyvH6toXquZzZp8mQyg+zOs2W3r2xqyjJSfalhhXYFq/MGtq8spFCp6Q9VzTYW5Hrzg6y3yN+72HPfpnm48yx14KHA0HnCk0VGPML43gmt8wB0w7l4belK7FH8XTYJfxruRt4A6L0xMfQKgHkeFEGzeeOqjILNi2vG7b8= \ No newline at end of file diff --git a/ws-session.pdf b/ws-session.pdf new file mode 100644 index 0000000..bb03e46 Binary files /dev/null and b/ws-session.pdf differ