Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't set logins directly from allowed logins for CertAuthority V2. #919

Merged
merged 2 commits into from
Apr 12, 2017
Merged

Don't set logins directly from allowed logins for CertAuthority V2. #919

merged 2 commits into from
Apr 12, 2017

Conversation

russjones
Copy link
Contributor

Purpose

As covered in #918, when you export CAs using the new style format, you will see the following in the Web UI:

access denied to root connecting to node-on-second-cluster                                                                                
disconnected

The reason is because we were settings logins directly from allowed logins. This PR changes this behavior to match the behavior for how we parse CAs in the known_hosts format, we don't set logins directly but rather create a role first and add the role to the CertAuthority.

Implementation

  • Don't directly set allowedLogins.

Related Issues

Fixes #918

klizhentas
klizhentas reviewed Apr 11, 2017
View reviewed changes
docker/README.md Outdated
@@ -87,6 +87,37 @@ To setup Trusted Clusters:
tctl -c /root/go/src/github.com/gravitational/teleport/docker/two-auth.yaml create -f docker/two-tc.yaml
```

#### Trusted Clusters with File Configuration

1. Export the CA for both clusters:
Copy link
Contributor

@klizhentas klizhentas Apr 11, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

numbered lists don't look that good in the docs really, consider adding subtitles instead to separate sections

Export keys

klizhentas
klizhentas reviewed Apr 11, 2017
View reviewed changes
Copy link
Contributor

@klizhentas klizhentas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

have a comment on the docs, otherwise lgtm

@pmoust pmoust mentioned this pull request Apr 11, 2017
Closed
@russjones russjones force-pushed the rjones/trusted-cluster-fix branch 2 times, most recently from 0e46849 to 7f19f6c Compare April 11, 2017 23:57
@russjones russjones merged commit 6eb4bc3 into master Apr 12, 2017
@russjones russjones deleted the rjones/trusted-cluster-fix branch April 12, 2017 00:02
hatched pushed a commit to hatched/teleport-merge that referenced this pull request Nov 30, 2022
@gzdunek
Add default username for Redis (gravitational#919)
17e9a71
hatched pushed a commit that referenced this pull request Dec 20, 2022
@gzdunek
Add default username for Redis (#919)
b1b8e14
hatched pushed a commit that referenced this pull request Feb 1, 2023
@gzdunek
Add default username for Redis (#919) (#931)
a7affbc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@klizhentas klizhentas klizhentas left review comments

@kontsevoy kontsevoy Awaiting requested review from kontsevoy

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@russjones @klizhentas