Using Basic Authentication

You can configure your cluster to use basic authentication and setup user accounts during cluster configuration.

NOTE: Basic authentication is provided as a convenience for quickly setting up development and test clusters. In production you should use a third-party IAM provider such as Google or LDAP.

Configuration example

The following cluster.conf snippet shows a cluster.conf configuration for enabling basic authentication that creates two users (admin and guest). The admin user is added to the admins array so that is assigned to the admin policy role.

Notes:

  • You can't manage basic authentication user accounts once you've deployed your cluster. The only way to modify basic auth accounts is to update cluster.conf as shown below and re-deploy your cluster.
  • Basic authentication account credentials are not stored securely within Apcera. For secure authentication use a supported IAM provider such as LDAP, Active Directory, Google Auth.
chef: {
  "continuum": {
    ...
    "auth_server": {
      "identity": {
        # Change the default_provider to desired enabled authentication method
        "default_provider": "basic",
        "basic": {
          "enabled": true,
          "users": [
            {
              "name": "admin",
              "password": "PaSsWoRd!"
            },
            {
              "name": "guest",
              "password": "PaSsWoRd!"
            }
          ]
        }
      },
      # chef.continuum.auth_server.admins array specifies users that will be 
      # granted admin privileges on the cluster.
      "admins": [
        "admin@apcera.me"
      ]
    },
  },