diff options
| author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-02-07 10:01:16 -0500 |
|---|---|---|
| committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-02-14 14:56:33 -0500 |
| commit | b8ebd636ac3a5e2919b3e62041019f26acb1e2c0 (patch) | |
| tree | bf0f06592d0c5d635828ad4536ff86421c1a5a90 /doc | |
| parent | ff0048a3a26c9076c8052a8c7be171e4364f0d09 (diff) | |
| download | bcfg2-b8ebd636ac3a5e2919b3e62041019f26acb1e2c0.tar.gz bcfg2-b8ebd636ac3a5e2919b3e62041019f26acb1e2c0.tar.bz2 bcfg2-b8ebd636ac3a5e2919b3e62041019f26acb1e2c0.zip | |
Metadata: allowed setting global default authentication type
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/appendix/guides/authentication.txt | 33 | ||||
| -rw-r--r-- | doc/server/plugins/grouping/metadata.txt | 4 |
2 files changed, 25 insertions, 12 deletions
diff --git a/doc/appendix/guides/authentication.txt b/doc/appendix/guides/authentication.txt index 3fd0e1e2d..b8ec82590 100644 --- a/doc/appendix/guides/authentication.txt +++ b/doc/appendix/guides/authentication.txt @@ -132,13 +132,26 @@ controlled through the use of the auth attribute in Allowed values are: - +---------------+------------------------------------------+ - | **Auth Type** | **Meaning** | - +===============+==========================================+ - | cert | Certificates must be used | - +---------------+------------------------------------------+ - | cert+password | Certificate or password may be used | - +---------------+------------------------------------------+ - | bootstrap | Password can be used for one client run, | - | | after that certificate is required | - +---------------+------------------------------------------+ ++-------------------+------------------------------------------+ +| Auth Type | Meaning | ++===================+==========================================+ +| ``cert`` | Certificates must be used | ++-------------------+------------------------------------------+ +| ``cert+password`` | Certificate or password may be used. If | +| | a certificate is used, the password must | +| | also be used. | ++-------------------+------------------------------------------+ +| ``bootstrap`` | Password can be used for one client run, | +| | after that only certificate is allowed | ++-------------------+------------------------------------------+ + +``cert+password`` is the default. This can be changed by setting the +``authentication`` parameter in the ``[communcation]`` section of +``bcfg2.conf``. For instance, to set ``bootstrap`` mode as the global +default, you would add the following to ``bcfg2.conf``:: + + [communication] + authentication = bootstrap + +``bootstrap`` mode is currently incompatible with the +:ref:`server-plugins-grouping-metadata-clients-database`. diff --git a/doc/server/plugins/grouping/metadata.txt b/doc/server/plugins/grouping/metadata.txt index 11b3d5496..f4c5cbcb3 100644 --- a/doc/server/plugins/grouping/metadata.txt +++ b/doc/server/plugins/grouping/metadata.txt @@ -32,7 +32,7 @@ clients.xml =========== The ``clients.xml`` file contains the mappings of Profile Groups -to clients. The file is just a series of *<Client />* tags, each of which +to clients. The file is just a series of ``<Client />`` tags, each of which describe one host. A sample file is below: .. code-block:: xml @@ -43,7 +43,7 @@ describe one host. A sample file is below: <Client profile="kerberos-master" name="kdc.example.com"/> <Client profile="mail-server" name="mail.example.com"/> <Client name='foo' address='10.0.0.1'> - <Alias name='foo-mgmt' address='10.1.0.1'/> + <Alias name='foo-mgmt' address='10.1.0.1'/> </Client> </Clients> |