Securing Web Interface


Chronological Thread 
  • From: Albert Llop <mrsimo@gmail.com>
  • To: chef@lists.opscode.com
  • Subject: Securing Web Interface
  • Date: Tue, 9 Jun 2009 12:27:24 +0200
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:from:date:message-id:subject:to:content-type; b=YFU/XURzrvcQOOvP5qN+dT+vrGuvqVbpUeL6Kkgp3FhFFmx8XrQqesoFIRKSJtdoSz +HHc1MUpupSnV2/U90bib0BBZ/k0R5PoYf9zr75BcjDygzj4W5dNgnIn2g1Sd14OtpZq Df0uD254piX1XFrb23jOsljvHDLE76MSQsAyA=

Hi there,

I think I've gotten the hang of Chef the last few days, but I still have a couple questions, if anyone minds answering.

I've managed to "secure" the admin with the authorized_openid_identifiers config option, but the only thing it does is not allow people to log in. Everyone can still browse my servers attributes and cookbooks, and I'd prefer not to let them.

I thought about using a basic http authentication configuring nginx (I'm serving chef through passenger for nginx), but then (correct me if I'm mistaken), the clients won't be able to acces, and will need the password aswell, will they? Am I missing something?

Managed to install the 0.6.3 version from github master (with a lot of problems, but still), and I see it requires you to log in right away, so that's something I like. I could wait until the next release, but do you guys have a tip for what can I do right now?

Thanks a lot!

--
Albert Llop



Archive powered by MHonArc 2.6.16.

§