Bradley Girardeau
301a22295d
ldap: add ability to set policies based on username as well as groups
2015-07-14 15:46:15 -07:00
Bradley Girardeau
0e2edc2378
ldap: add ability to login with a userPrincipalName (user@upndomain)
2015-07-14 15:37:46 -07:00
Armon Dadgar
504a7ca7c1
auth/userpass: store password as hash instead of direct. Credit @kenbreeman
2015-07-13 15:09:24 +10:00
Armon Dadgar
da4650ccb4
auth/userpass: protect against timing attack. Credit @kenbreeman
2015-07-13 15:01:18 +10:00
Armon Dadgar
599d5f1431
auth/app-id: protect against timing attack. Credit @kenbreeman
2015-07-13 14:58:18 +10:00
Bradley Girardeau
42050fe77b
ldap: add starttls support and option to specificy ca certificate
2015-07-02 15:49:51 -07:00
Armon Dadgar
b52d3e6506
cred/app-id: testing upgrade to salted keys
2015-06-30 18:37:10 -07:00
Armon Dadgar
eeb717c901
cred/app-id: first pass at automatic upgrading to salting
2015-06-30 18:09:08 -07:00
Armon Dadgar
4b27e4d8c5
Remove SetLogger, and unify on framework.Setup
2015-06-30 17:45:20 -07:00
Armon Dadgar
5d69e7da90
Updating for backend API change
2015-06-30 17:36:12 -07:00
Armon Dadgar
3c58773598
Merge pull request #380 from kgutwin/cert-cli
...
Enable TLS client cert authentication via the CLI
2015-06-30 11:44:28 -07:00
Armon Dadgar
b1f7e2f0ea
ldap: fixing merge conflict
2015-06-30 09:40:43 -07:00
Karl Gutwin
0062d923cc
Better error messages.
2015-06-30 08:59:38 -04:00
Karl Gutwin
a54ba31635
Merge remote-tracking branch 'upstream/master' into cert-cli
2015-06-30 08:31:00 -04:00
Karl Gutwin
dafcc5b2ce
enable CLI cert login
2015-06-29 23:29:41 -04:00
esell
c0e1843263
change skipsslverify to insecure_tls
2015-06-29 19:23:31 -06:00
Armon Dadgar
337997ab04
Fixing merge conflict
2015-06-29 14:50:55 -07:00
esell
e81f966842
Set SkipSSLVerify default to false, add warning in help message
2015-06-24 13:38:14 -06:00
esell
d3225dae07
cleanup the code a bit
2015-06-24 10:09:29 -06:00
esell
84371ea734
allow skipping SSL verification on ldap auth
2015-06-24 10:05:45 -06:00
Armon Dadgar
45d3c512fb
builtin: fixing API change in logical framework
2015-06-17 14:34:11 -07:00
Mitchell Hashimoto
4bf84392ec
credential/github: get rid of stray tab
2015-06-16 10:05:51 -07:00
Mitchell Hashimoto
0ecf05c043
command/auth, github: improve cli docs
...
/cc @sethvargo
2015-06-16 10:05:11 -07:00
Christian Svensson
e3d3012795
Record the common name in TLS metadata
...
It is useful to be able to save the client cert's Common Name for auditing purposes when using a central CA.
This adds a "common_name" value to the Metadata structure passed from login.
2015-06-14 23:18:21 +01:00
Ian Unruh
2e1bce27a9
Allow dot in LDAP login username
2015-05-20 11:54:15 -07:00
Armon Dadgar
cc966d6b52
auth/cert: Guard against empty certs. Fixes #214
2015-05-18 16:11:09 -07:00
Armon Dadgar
56659a2db2
cred/app-id: ensure consistent error message
2015-05-15 11:45:57 -07:00
Armon Dadgar
8cff23f29b
cred/app-id: stricter validation and error messaging
2015-05-15 11:40:45 -07:00
Jonathan Sokolowski
6746a24c78
credential/app-id: Test DeleteOperation
2015-05-14 22:30:02 +10:00
Etourneau Gwenn
a3fe4b889f
Fix Error message
2015-05-12 14:32:09 +09:00
Mitchell Hashimoto
1ca0b2340c
credential/app-id: add hash of user/app ID to metadata for logs
2015-05-11 10:46:11 -07:00
Mitchell Hashimoto
5406d3189e
Merge pull request #184 from hashicorp/b-github-casing
...
credential/github: case insensitive mappings
2015-05-11 10:27:45 -07:00
Mitchell Hashimoto
5c63b70eea
logical/framework: PathMap is case insensitive by default
2015-05-11 10:27:04 -07:00
Mitchell Hashimoto
4e861f29bc
credential/github: case insensitive mappings
2015-05-11 10:24:39 -07:00
Giovanni Bajo
8156b88353
auth/ldap: move password into InternalData
2015-05-09 22:06:34 +02:00
Giovanni Bajo
84388b2b20
auth/ldap: move username into the path (to allow per-user revokation on the path)
2015-05-09 22:06:28 +02:00
Giovanni Bajo
5e899e7de2
auth/ldap: fix pasto
2015-05-09 22:06:22 +02:00
Giovanni Bajo
1e1219dfcc
auth/ldap: implement login renew
2015-05-09 22:04:20 +02:00
Giovanni Bajo
a0f53f177c
auth/ldap: document LDAP server used in tests
2015-05-09 22:04:20 +02:00
Giovanni Bajo
b4093e2ddf
auth/ldap: add acceptance tests
2015-05-09 22:04:20 +02:00
Giovanni Bajo
02d3b1c74c
auth/ldap: add support for groups with unique members
2015-05-09 22:04:20 +02:00
Giovanni Bajo
c313ff2802
auth/ldap: implement authorization via LDAP groups
2015-05-09 22:04:20 +02:00
Giovanni Bajo
dc6b4ab9db
auth/ldap: add configuration path for groups
2015-05-09 22:04:20 +02:00
Giovanni Bajo
7e39da2e67
Attempt connection to LDAP server at login time.
...
Also switch to a LDAP library fork which fixes a panic when
shutting down a connection immediately.
2015-05-09 22:04:19 +02:00
Giovanni Bajo
7492c5712a
Initial implementation of the LDAP credential backend
2015-05-09 22:04:19 +02:00
Seth Vargo
f3c3f4717a
Remove references to -var
2015-05-08 11:45:29 -04:00
Armon Dadgar
a6a4bee2ee
cred/app-id: Add help synopsis to login path
2015-05-07 15:45:43 -07:00
Seth Vargo
04015fdf55
Fix output from GitHub help
2015-05-07 14:13:12 -04:00
Trevor Pounds
582677b134
Fix documentation typo.
2015-04-28 22:15:56 -07:00
Armon Dadgar
9087471bad
credential/cert: support leasing and renewal
2015-04-24 12:58:39 -07:00