X-Git-Url: https://piware.de/gitweb/?p=talk-cockpit-auth-anywhere.git;a=blobdiff_plain;f=cockpit-auth-anywhere.md;fp=cockpit-auth-anywhere.md;h=b5a53c27f70e77f33144550773449f7da814dff4;hp=05298e25f34b64ec5032c15f1eaf66ea6e9ae0da;hb=a32ed785e042fc3b9030f8664f1feb1f582e98b6;hpb=bd259fb46d536be10a3d15210676f7b122427fa7 diff --git a/cockpit-auth-anywhere.md b/cockpit-auth-anywhere.md index 05298e2..b5a53c2 100644 --- a/cockpit-auth-anywhere.md +++ b/cockpit-auth-anywhere.md @@ -50,6 +50,7 @@ resize2fs /dev/vg0/data1 :::notes - Switch to Windows virt-viewer, open Edge, show Cockpit - Quit virt-viewer +- Move to local browser, enable mobile mode (Ctrl+Shift+M) - Zero configuration so far, other than possibly installing cockpit pkg and enabling cockpit.socket - In larger environments it's impractical to install cockpit server on hundreds of machines and using the login web page @@ -70,7 +71,7 @@ resize2fs /dev/vg0/data1 - all components in cockpit communicate to each other via a JSON protocol on standard pipes, usually stdio - this provides a lot of flexibility and extensibility, as we'll see shortly - ws roles: communicate with the browser for getting credentials: login page, krb negotiation, client cert -- ws: deliver HTML/js content, translate WebSocket to JSON protocol; runs as unprivileged system user +- ws: deliver HTML/js content, connects JSON protocol on the WebSocket to pipes to the other components; runs as unprivileged system user ::: # Anatomy: cockpit-session @@ -141,6 +142,8 @@ RequireHost=true - OAuth (Kubernetes) - Foreman: included cockpit-ws with dynamic configuration +TODO: foreman screenshot + :::notes - Cockpit supports common authentication systems out of the box - IdM is very common; if you have a krb ticket, you get a session immediately @@ -151,7 +154,8 @@ RequireHost=true machines - runs a single cockpit-ws process on its server, and dynamically configures it for selected target machine, seamless transition between Foreman and Cockpit -- not enough time to demo all of this +- not enough time to demo and explain all of this; just keep in mind that it's + possible ::: # Custom authentication example