[Containers] portus client certificates

Flavio Castelli fcastelli at suse.com
Wed Oct 28 03:20:08 MDT 2015


On 10/27/2015 11:17 PM, gordon wrote:
> How would I go about using client certificate authentication with portus?
> My CI runner is automatically given a cert from the local certificate
> authority.  It would be best if I could use this to authenticate the
> builder so it can push images without requiring me to configure and
> securely pass user/pass for each project the runner builds.

To push images you have to use the Docker engine. Right the Docker 
engine authenticates only with a username and password.

> Ideally, auth would allow for client cert or ldap auth.  Is this possible?
> So that a user can log in with their ldap creds and the server can push
> with the client certificate configured for the docker client?

As stated above this would require quite some changes both into the 
Docker engine and later into portus.

Right now you have to create a user on Portus and then use its 
credentials on the CI runner.

We have been thinking about other possible solutions. Would you like the 
possibility to create unique random passwords to give to specif 
applications? I'm thinking about something like Google does with 
"application passwords".

Cheers
Flavio


More information about the Containers mailing list