Using Basic Authentication
You can configure your cluster to use basic authentication and setup user accounts during cluster configuration.
NOTE: Basic authentication is provided as a convenience for quickly setting up development and test clusters. In production you should use a third-party IAM provider such as Google or LDAP.
Configuration example
The following cluster.conf
snippet shows a cluster.conf configuration for enabling basic authentication that creates two users (admin
and guest
). The admin
user is added to the admins
array so that is assigned to the admin policy role.
Notes:
- You can't manage basic authentication user accounts once you've deployed your cluster. The only way to modify basic auth accounts is to update cluster.conf as shown below and re-deploy your cluster.
- Basic authentication account credentials are not stored securely within Apcera. For secure authentication use a supported IAM provider such as LDAP, Active Directory, Google Auth.
chef: {
"continuum": {
...
"auth_server": {
"identity": {
# Change the default_provider to desired enabled authentication method
"default_provider": "basic",
"basic": {
"enabled": true,
"users": [
{
"name": "admin",
"password": "PaSsWoRd!"
},
{
"name": "guest",
"password": "PaSsWoRd!"
}
]
}
},
# chef.continuum.auth_server.admins array specifies users that will be
# granted admin privileges on the cluster.
"admins": [
"admin@apcera.me"
]
},
},