Limit system user login

Open WalBeh opened this issue 2 years ago • 0 comments

Summary of changes

~~Limit system user login to 10.0.0.0/8.~~

I assumed that the configuration snippet below limits the system to login from 10.0.0.0/8 only. But it seems like the 99.method=password spoils my plan!

```
82     - -Cauth.host_based.enabled=true
83     - -Cauth.host_based.config.0.user=crate
84     - -Cauth.host_based.config.0.address=_local_
85     - -Cauth.host_based.config.0.method=trust
86     - -Cauth.host_based.config.1.user=system
87     - -Cauth.host_based.config.1.address=10.0.0.0/8
88     - -Cauth.host_based.config.1.method=password
89     - -Cauth.host_based.config.99.method=password
```

I can see the real IP of the connection (= external IP); system can still log in, due to the setting in line 89, where password login from everywhere is allowed.

Checklist

  • [x] Relevant changes are reflected in CHANGES.rst
  • [ ] Added or changed code is covered by tests
  • [ ] Documentation has been updated if necessary
  • [ ] Changed code does not contain any breaking changes (or this is a major version change)

WalBeh, Jan 26 '24 08:01
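
The fall-through described in the issue, modelled as an added example (not crate-operator or CrateDB code). It assumes entries are tried in ascending order, the first entry whose user and address both match decides the method, a missing user or address acts as a wildcard, and no match means the login is denied. The helpers `resolve` and `catch_all_entries` and the client address 203.0.113.7 are constructed for illustration.

```python
import ipaddress

# Entries copied from the snippet in the issue, keyed by their order number.
# Assumption: a missing "user" or "address" key matches anything.
HBA = {
    0: {"user": "crate", "address": "_local_", "method": "trust"},
    1: {"user": "system", "address": "10.0.0.0/8", "method": "password"},
    99: {"method": "password"},
}


def address_matches(pattern, client_ip):
    """True if client_ip falls under the entry's address pattern."""
    if pattern is None:
        return True
    ip = ipaddress.ip_address(client_ip)
    if pattern == "_local_":
        # Simplification: treat _local_ as "loopback address".
        return ip.is_loopback
    return ip in ipaddress.ip_network(pattern, strict=False)


def resolve(user, client_ip, hba=HBA):
    """Return (order, method) of the first matching entry, or None if none match."""
    for order in sorted(hba):
        entry = hba[order]
        if entry.get("user") not in (None, user):
            continue
        if address_matches(entry.get("address"), client_ip):
            return order, entry["method"]
    return None


def catch_all_entries(hba=HBA):
    """Orders of entries that restrict neither user nor address."""
    return [o for o in sorted(hba)
            if "user" not in hba[o] and "address" not in hba[o]]


if __name__ == "__main__":
    # Constructed client addresses: one inside 10.0.0.0/8, one external.
    for ip in ("10.1.2.3", "203.0.113.7"):
        print("system from", ip, "->", resolve("system", ip))
    print("catch-all entries:", catch_all_entries())
```

Entry 1 only selects the method for `system` when the client is inside 10.0.0.0/8; it does not exclude other addresses, so an external client simply continues to entry 99.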