]> piware.de Git - talk-cockpit-auth-anywhere.git/commitdiff
projects / talk-cockpit-auth-anywhere.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (initial)
Add initial drawings
authorMartin Pitt <martin@piware.de>
Tue, 7 Jan 2020 15:53:41 +0000 (16:53 +0100)
committerMartin Pitt <martin@piware.de>
Tue, 7 Jan 2020 16:57:19 +0000 (17:57 +0100)
Made with https://www.draw.io/ and https://www.websequencediagrams.com/

bastion-host.drawio [new file with mode: 0644] patch | blob
bastion-host.pdf [new file with mode: 0644] patch | blob
cert-auth.png [new file with mode: 0644] patch | blob
cert-auth.websequence [new file with mode: 0644] patch | blob
ssh-session.drawio [new file with mode: 0644] patch | blob
ssh-session.pdf [new file with mode: 0644] patch | blob
ws-session.drawio [new file with mode: 0644] patch | blob
ws-session.pdf [new file with mode: 0644] patch | blob

diff --git a/bastion-host.drawio b/bastion-host.drawio
new file mode 100644 (file)
index 0000000..5b44905
--- /dev/null
+++ b/bastion-host.drawio
@@ -0,0 +1 @@
+<mxfile host="www.draw.io" modified="2020-01-06T20:12:11.494Z" agent="Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" etag="ztIXgjEwry9lbJflJLIC" version="12.4.8"><diagram id="WpU2nV0nbisVXbfxBrzP" name="Page-1">5Vpbc5s4FP41eQyDENfHJG67D5uZzqSzu3nKEFCwphixgGOnv34lkAy6OGAXtm6bZBx0dD/n0znnE76Cd5v9pyou1/ckRfmVY6f7K7i6cpwQQPrJBG+dwGMlJsgqnHYi0Ase8DfEhTaXbnGKaqlhQ0je4FIWJqQoUNJIsriqyE5u9kJyedYyzpAmeEjiXJf+jdNmzbfl2b38D4SztZgZ2LxmE4vGXFCv45TsBiL44QreVYQ03dNmf4dypjuhl67fxyO1h4VVqGimdFiBe0iCb39V3pdstXu07+8fi2s+ymucb/mG+WKbN6GBuC47xb7gPaJj3ZaowhvUoIrK6BTUEuhzL7pdN5uc1gD6GOc4K+hzQpfY1h10YNNCGtdrNmBbqMs4wUX2hZRUAKkAb1rLiP8rvMno3nL8TD/jpMGv6CnFFV0Zqd5YRVw2pHxKckznsurXjHbVNSS2i6oG7QcirrFPiNBdsPFsXgvtwPK6ThzAjm9BjuldDwiXN1oPsCAwEnMIZofReyvRB26oE4zmjhuN26VTecmESU62zHq7NW7QA9U2E+7omZVNNoPOnMCWNBbZmrqAOBRDfYVL6SuaoK8ivWHeolVUXNc4kdWC9rj5h0GVoqErPQ5qVnuO4rbwJgoFXXzXyXc8IXhsBY4o9l3bktR3cKpa4VHb1GRbJWj8mDdxlaFmHFkolZyibumBKT2DJYWsQnnMTqrslQ3m5TN8Jpju7AAkV8YRBApAum3zTkPPp4wTyeM4vjJOpxZtnBZrh02fDz8wwclOx18YDBHY4/EIBmlBhVGPSxmT3ggmz4efOxF+/kXBz5kJfp4yEHD/X/yJ6d/DX1aRbTnd9x/yrfhZjGCbTSXiqHIGYWRF0o8WIiA0WNbxfcvxFgoT/riaqJaKtM1ZwDmh9H3zTA+whoDqG7R1yEVnVxUcV9XPkTZmqKBrSJ5qVFH9H80bZzIcdCwfAi8IIzeAfug6sl+wLduGfv/ramZ2PYt1A7bntANFhrQzBNZgBtp0IQwAzwACP6eruH0hrf/r0eD/uyWi4rpuSd4NbQC8ct9X0qeM/U9I8rXEzTWlbnw8ur5uyK6BhjWq/kaGUN1U5Cu6IzlhcCtIwTDxgvNcEWlQY8bElP7d8IoNTlM2jfGw9+7AHB9ngo3qO4HiO3U6EkSWcNSSQ/At8E4Y/D5SYoLDcqxkNleq5IbACkNdnQbn6vY8cH5dmkJRdxRS/Hr+yZrnfNb1+ujBPIjbdf6ex5WyW+XOAIaWPTywOsJM9wdgKc/tBhOO6kRCIp4nkZGeENuBzD3cefjwuxYcZ8lc4eM0mTe8EKICIurubQ1eIq0IzuQt6j2OG9D8ZPCjrHNpFuNcsk9cNw27kL5h22Z/v6J7PP3yFCjE1zk4xqHrMzGXw63r/NRlwu3pd9K8kxXlh8pJMxC80KSmxa5M4YRsTsbL8loKHGi5kYwoGlkDX1eW6XpZvfWbT1cTLg5+KTZ8Or4jhfiqccWNBrzXM/iIC+K90JQ9zZRXpz874z39UHu+pSQsnmu5OgQ8aNmOwQUuSWlNF6fDlEPosrdljl6apXIMcS/yXGGWd/7gHKPd6Q9HjxNqIcE3BE9giAdwqXggrvWOwUY2FFYFz/Oi5k+S4YLWPiBK4kgxDhttfirTFvm7pLCBrQPMlJ2Z2J2zGMCmfAFg2Rfa8uvsEfJ+1A6jjFzE2lFGDi+LkavXijDQCM1kFu4pQznaUAszb88UBk+F25F3zs7YS+c5X3yfj0N36s2QYJcXgkOgvjpQCeNkFKrfxVCj59kYpMX+O3Bd8/6LhPDDfw==</diagram></mxfile>
\ No newline at end of file
diff --git a/bastion-host.pdf b/bastion-host.pdf
new file mode 100644 (file)
index 0000000..96af53a
Binary files /dev/null and b/bastion-host.pdf differ
diff --git a/cert-auth.png b/cert-auth.png
new file mode 100644 (file)
index 0000000..1d6ba46
Binary files /dev/null and b/cert-auth.png differ
diff --git a/cert-auth.websequence b/cert-auth.websequence
new file mode 100644 (file)
index 0000000..cf335f7
--- /dev/null
+++ b/cert-auth.websequence
@@ -0,0 +1,15 @@
+title Cockpit Certificate Authentication\r
+\r
+Browser -> cockpit-ws: TLS handshake\nwith client cert\r
+\r
+cockpit-ws -> cockpit-session: auth mode "tls-cert"\r
+\r
+cockpit-session -> libpam-cockpit-cert: start PAM session\r
+note left of libpam-cockpit-cert: no user known yet\r
+\r
+libpam-cockpit-cert -> cockpit-ws: query certificate\r
+libpam-cockpit-cert -> sssd: map certificate\r
+sssd -> libpam-cockpit-cert: user name\n(or failure)\r
+libpam-cockpit-cert -> cockpit-session: set PAM user name,\nstart session\r
+note left of cockpit-session: start cockpit-bridge\r
+cockpit-session -> cockpit-ws: success\r
diff --git a/ssh-session.drawio b/ssh-session.drawio
new file mode 100644 (file)
index 0000000..3e5146f
--- /dev/null
+++ b/ssh-session.drawio
@@ -0,0 +1 @@
+<mxfile host="www.draw.io" modified="2020-01-06T11:50:02.626Z" agent="Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" etag="YYlK_tpLxuLgSPVJ6t3b" version="12.4.8" type="device"><diagram id="WpU2nV0nbisVXbfxBrzP" name="Page-1">7Vvbcpw4EP0aP5pCEtdHx052H9ZVqXJqd/3kwiAzqjAjFrA9ztevBGhAFwY8hhknsZOyoRFCdB91n1aLM3S53v5RRPnqmiY4O4N2sj1DV2cQBgCx31zw0ghcfsYFaUGSRgQ6wQ35gVuh3UofSYJLqWFFaVaRXBbGdLPBcSXJoqKgz3KzB5rJT82jFGuCmzjKdOk/JKlW7Wu5dif/E5N0JZ4M7PbKOhKNW0G5ihL63BOhz2fosqC0ao7W20uccd0JvTT3fRm4uhtYgTfVlBuuwDWi/o+/C/dbevV8a19f327O216eouyxfeF2sNWL0EBU5o1iH8gWs74+5bgga1zhgsnYI5gl8NdO9GlVrTN2BbDDKCPphh3HbIj1tZ0ObHaSROWKd1iflHkUk036jeZMgJiArGvLiL9XZJ2yd8vIPfsdxRV5wncJKdjIaPHCL0R5RfO7OCPsWVb5lLJb23fDRYW3g0oDO1MwCGPK3oL3Z7c3INu33OamFsDQs1CL6ecOEE7baNXDgsBI1EIw3fXeWYkdtIZ6hdGccaO1dmlUnnNhnNFHbr3nFanwDdM2Fz6zOSubbAadQd+WNBbamrqAmBR9fQVL6SucoK9NcsG9Ra2oqCxJLKsFb0n1L4cqQ0Nzdtu7crVtUVyfvIiTDRt8c5MHXSG4rQVQnHa31mfSvb1ZVQubUeNE81iKZdib0ccixuPzvoqKFFdjUNMt3TOla7CkkBU4i/hMlb2ywbztE75Swl5kByRHxhECCkCat2xv6ns+pZ9Q7gd6Sj+NFrR+aqztXvpw+IEJTnY6/gK/j8AOjwMYZCcqjDpcyph0RzA5I/ycifDzTgk/OBP8XKUj4BwXf+Lx+/CXFvQxH/T9LbmK7kXzHfuZHEeVOYhCK5R+tBCBkMGy0PMs6C4UJrxxNTEtbZKas4CZQukeiw0HWD2gQqO2VMTOpio0AVKdruwT6grYjuUBef4BFpB1CmfkJF5oIX8pJY7r8Ofg3inesDHEdyUumAVfQ74PsSiCzHrA9YPQ8ZEXOFA2LjOYJ/3TDO24Fr8N2C6sOwoN3D0AVu8JrOlCGACuAQRexkbx6YHWQaRDg/ffIxUXzss6U75gDYCbb7uL7Cjlf2Maf89Jdc7y37Y/Nr6my6aBhjVmp0qGUFkV9Du+pBnlcNvQDcfEA8kyRaRBjVudsBz6or2wJknCH2P0ArKfWM4RQDmP404AatjwQ0s8sA8H4FlgD394GwRMcacxWUKe3o6AEjM6STc9GNTd/p4oCFzLDSUceOZg4AaWjQxAYO4lWAoIwXhAWDhPlbPUt+cDe/noeJLaztjRNAGcNE8AoWtJsUKOSD6LV6AfkeT+p2YRwJP9lwcsu/+jDHsgp2DgiV56zXLeoNSgO0fW64+4NeEvOs+V4YdK92PzxsP7gnDADsXEI/nI+k3fp4fk7NiXXSRLWI0+EhjmFFiQMMMPB2mmDqMOEg3Y/DgO8nyXiIrs3+nI1wF+0HKCnuNT+D/ndaBbVxBQPtZaywiZk/0MUQX38zq9v2hKGPGzbzQKOOD1tOczmTbI35tBhtw9DsMPcleph2WJWpqWaharFZkSTNVnLlosOmiFy5MdRuhYfaUatOoblOp0pbr59bpQ1jbPxC/L1akpzruexJyUK8sBAFjQ6y1IBxrETDVesNTCkGOiz6/lOh1vQbvzptYTjFAXY/1RcCfBlqYUoBbnQG4wkQM15jsZBwJqNVOtAk0lQOdqOTNUOnp16jdQ/lISTuBL+0vYQdPjrPzJNVH8o2SNzjv1o+85VVQ2egARtfuFKfOC6mJ8RwxhnhwRHpIkyp52hqr6G5NEf6KDbObe6RykWm8/2EH6x3GQQKwEH9NBCji/T965qiq+L/OCK4H//00o6MjeB2X1A8Ad+eyzS9Ni2m7z4fzF5wmbCOff7bBfUb5CkRw9nIDApKbFdg6iCdnz/PscRrQUIMtRFmhRYPmerizjjobFdDVh/8yvvp9hxHKusnVBRrvPzNqrE7kGH/GOdi6g4frOm9cukl9wz8J+aATAs0KZTriO5egQcJEllhyPtUHBMVHqj0reUdOzsZAQaCHBkIsZC3ZoqXggNmZ9lEJ+fvfkezrATOzsuKWNKd/B/Fzl4Kn759HUnB6ddNFTLeMgX0topib1ahKFoNbVwqVdd46VpYFFIji2StTh1IPy9x9wP1YN33/MiENn6g4tdNIPiXb9CPCoCeNkFNpKR2r0PBiD7LT7FLRp3n1Piz7/Dw==</diagram></mxfile>
\ No newline at end of file
diff --git a/ssh-session.pdf b/ssh-session.pdf
new file mode 100644 (file)
index 0000000..2f80c10
Binary files /dev/null and b/ssh-session.pdf differ
diff --git a/ws-session.drawio b/ws-session.drawio
new file mode 100644 (file)
index 0000000..3aaa019
--- /dev/null
+++ b/ws-session.drawio
@@ -0,0 +1 @@
+<mxfile host="www.draw.io" modified="2020-01-06T09:57:05.296Z" agent="Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" etag="s31aHYVeEoeNfojkjADl" version="12.4.8" type="device"><diagram id="WpU2nV0nbisVXbfxBrzP" name="Page-1">7VrbcqM4EP0aP5pC4mYekziz+zCpSlWmdidPKQwyVgUQC/Il8/XbAnERkGAnJp7ZWTsVo0ZqSd1H3acpZsZNfPgj89LNHQtINMN6cJgZyxnGyMR4Jv704KWUYB2ZpSTMaCB7NYIH+oNIoS6lWxqQXOnIGYs4TVWhz5KE+FyReVnG9mq3NYvUWVMvJD3Bg+9FfenfNOCbUrqw9Eb+J6HhppoZ6fJO7FWdpSDfeAHbt0TG7cy4yRjj5VV8uCGRsF5ll3Lcl1fu1gvLSMKPGbBEdwZzfvyVWd/C5f5Rv7t7TOZSy86LtnLDcrH8pbKAl6elYdf0QEDXdUoyGhNOMpDBFOAJct+Irjc8juAOgksvomEC1z4ssbhX20CHRuDlG6GwaOSp59Mk/MZSEBggoHHhmep3SeMQ9hbRFfz3fE535CmgGayMZS/ihpdylj75EYW5tHwXwlC5N5JxcnjVaKh2BYCYMNiF0KdXA1zpPYlfWzb3DRZMqxRtWjCo4OFJ9IW14sZBcCF9dIK/8Li/2JZHNCE39YEQ5l2zhN+wiGVFHwO+X8Ss12HmBcJi1b2EJcLoaxpFQ91znrFn0ums+FFYm8Lx+eqtSHTPcsopExBYMc5Z3OpwJbHBhcf7SGmhSKxdBgaEq7bcr5iyD1BGhZbbHSjLpRJAXioGxIdQRCrN2+emFrMVjYgEzTSAQXgAMaiPGGcxEWLMccTIQ9yykh+xrbDkfkM5eYCjKYR7MJzqmTPYqz4q0l4u1qyewWojti22mOqMuUdYLAmuRHIpTOXlOfVVw5AD5d9b148CqppjyebyIKFbNF6qRgKr/170xFbVfuy0m6FFSxnbisKFsFw2CXoZruMc2BrbZj4ZzxPcy0LCx9DWd3bLl9aAKytZRiJPRHY1iw/4V85wLw56C0sqlAzUQUi5SzmonSk7ehxVTx30Kz2lFXp6CrDVm34//qplfwiADZaQoWLJcS6MJfw/lj4PS0cQvGODma4t6ghWQmkknkGjC6MGlyoox+LbGeFnHgk/+78AP6ujCJmfiz98RCwLM7ZNX6USsrDzVlX3uvI6lmKYumqDua7Zht76mHaPcdQGb/sW27bIxNOwDnvcUGCnJCiYNjoTN3vDZ28ivw5jn2YeY9w8v0ahGpIE1uA/5SQD55xSqZ7kLKnGwIB1ZDkL13QMe2FiNRq4mmEr395BMC1NDEO6hQtF7kC1u0BaawboOhEGkDUAAjvisiZU0GD/s2XVjXleVI9X0AFZ6aG5CVeh+PWZ/5xSPt/nlT5YX6my7NDDGviJqxAaLI3bdbQU9aDWLYhjGgRimsED3oQAfUrYIB14oqtiBaImbkdN1MMKwo5WQaiND2Rr6I0M+DFMDMXN0ocB3X0cEjkBQsQSWNv91V0LHYXy3xMcC0uzVGzYujYQOpC10PQhOEDUmeppB1qM54kTaie1DB+rm2qe3GbJFYMe5sizcV77Jq8aL9xlzBylu+iifBe5lqakEDVROZDGUDtRqfqPZcNzbCOtymTFbKYyDcysIcvV6686zdRc+YhHdSOkr0eBJs4QrXTQYRZFuuiHBGMAQrXw/NHAGUkOVbxt4n9E1ryfDc5LM1YZFQf+NaoxnGPOsYD4ef06w7mcXZbz620uSj0visbWN2yWS6waGP6OZoUC8Cvhv8zCNU07ca1n5zfF9n5OdoN0V7N1t/nYamBzrMHANvS8YLK4hs/Bct7BVt7LjKZnOfaRLAdf9KHyvH6toXquZzZp8mQyg+zOs2W3r2xqyjJSfalhhXYFq/MGtq8spFCp6Q9VzTYW5Hrzg6y3yN+72HPfpnm48yx14KHA0HnCk0VGPML43gmt8wB0w7l4belK7FH8XTYJfxruRt4A6L0xMfQKgHkeFEGzeeOqjILNi2vG7b8=</diagram></mxfile>
\ No newline at end of file
diff --git a/ws-session.pdf b/ws-session.pdf
new file mode 100644 (file)
index 0000000..bb03e46
Binary files /dev/null and b/ws-session.pdf differ
Talk: Authenticate to Cockpit from anywhere