Keywhiz authentication

[Rafa]

Hello!

I was wondering if it is possible to authenticate to Keywhiz without client certs (and not using the PKI infra). I was reading that there is a cookie version for authentication but the documentation didn't guide through it. Do you guys have knowledge of authentication alternatives? 

Thanks in advance!

[Matthew McPherrin]

The cookies are used for authenticating administrative users (via the CLI, or web UI).

We were actually thinking of removing that and focusing on using an x509 PKI only.  As-is today, Keywhiz isn't suitable if you don't want to run a PKI.

I'd be open to using Kerberos instead of PKI but we haven't even designed that yet - never mind written it.

--
You received this message because you are subscribed to the Google Groups "keywhiz-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keywhiz-user...@googlegroups.com.
To post to this group, send email to keywhi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keywhiz-users/217654f6-9e2c-4dac-b2c6-53ab161859f8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Rafa]

Yes, we don't have a PKI that can help us backing up Keywhiz deployment. 

Thank you very much for your response.