From 5cacd417c42e46ebcb929d2316ffe6d6e93139eb Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Fri, 27 Sep 2024 12:15:45 +0200 Subject: [PATCH 1/3] added reference to the Kerberos AuthenticationProvider --- .../examples/authenticationclass-kerberos.yaml | 8 ++++++++ modules/concepts/pages/authentication.adoc | 12 ++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 modules/concepts/examples/authenticationclass-kerberos.yaml diff --git a/modules/concepts/examples/authenticationclass-kerberos.yaml b/modules/concepts/examples/authenticationclass-kerberos.yaml new file mode 100644 index 000000000..e5ef87805 --- /dev/null +++ b/modules/concepts/examples/authenticationclass-kerberos.yaml @@ -0,0 +1,8 @@ +apiVersion: authentication.stackable.tech/v1alpha1 +kind: AuthenticationClass +metadata: + name: kerberos-auth +spec: + provider: + kerberos: + kerberosSecretClass: kerberos-auth \ No newline at end of file diff --git a/modules/concepts/pages/authentication.adoc b/modules/concepts/pages/authentication.adoc index 1f85af71c..396e6d36b 100644 --- a/modules/concepts/pages/authentication.adoc +++ b/modules/concepts/pages/authentication.adoc @@ -18,6 +18,7 @@ The following authentication providers are supported: * <>: Authenticate users using an LDAP server. * <>: Authenticate users using an OpenID connect provider. * <>: Authenticate users with client TLS certificates. +* <>: Authenticate users with Kerberos keytabs. * <>: Authenticate users against a static list of users and passwords in a simple Kubernetes Secret. [#ldap] @@ -76,6 +77,17 @@ A sample TLS provider looks as follows: include::example$authenticationclass-tls.yaml[] ---- +[#kerberos] +=== Kerberos +The `Kerberos` provider configures a product to authenticate users using Kerberos tickets issued by the Kerberos Key Distribution Center (KDC). + +The Kerberos provider defines `kerberosSecretClass` which points to a Kerberos SecretClass that contains the necessary KDC and realm information: + +[source,yaml] +---- +include::example$authenticationclass-kerberos.yaml[] +---- + [#static] === Static The `static` provider is used to represent a simple - static - set of users. From 7f727126800f00a38021b92b0dd656d7a9d5df8a Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Fri, 27 Sep 2024 12:17:27 +0200 Subject: [PATCH 2/3] removed empty line --- modules/concepts/pages/authentication.adoc | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/concepts/pages/authentication.adoc b/modules/concepts/pages/authentication.adoc index 396e6d36b..f345b2cf0 100644 --- a/modules/concepts/pages/authentication.adoc +++ b/modules/concepts/pages/authentication.adoc @@ -80,7 +80,6 @@ include::example$authenticationclass-tls.yaml[] [#kerberos] === Kerberos The `Kerberos` provider configures a product to authenticate users using Kerberos tickets issued by the Kerberos Key Distribution Center (KDC). - The Kerberos provider defines `kerberosSecretClass` which points to a Kerberos SecretClass that contains the necessary KDC and realm information: [source,yaml] From 028a44bfa30798672ce1580c77a3fc3ad82112ba Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Fri, 27 Sep 2024 12:19:59 +0200 Subject: [PATCH 3/3] linting --- modules/concepts/examples/authenticationclass-kerberos.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/concepts/examples/authenticationclass-kerberos.yaml b/modules/concepts/examples/authenticationclass-kerberos.yaml index e5ef87805..855375ee6 100644 --- a/modules/concepts/examples/authenticationclass-kerberos.yaml +++ b/modules/concepts/examples/authenticationclass-kerberos.yaml @@ -5,4 +5,4 @@ metadata: spec: provider: kerberos: - kerberosSecretClass: kerberos-auth \ No newline at end of file + kerberosSecretClass: kerberos-auth