Add LDAP public key authentication to SFTP #19833
Just some minor things. I cannot judge if this is functionally correct.
Did you push the changes to another branch?
The changes have been resolved locally, I haven't pushed anything up yet. Harsha asked for some tests to accompany the changes.
@klauspost changes are pushed :) sorry for the confusion
👍🏼
Community Contribution License
All community contributions in this pull request are licensed to the project maintainers
under the terms of the Apache 2 license.
By creating this pull request I represent that I have the right to license the
contributions to the project maintainers under the Apache 2 license.
Description
This PR introduces public key authentication for LDAP users in the SFTP driver.
The public key attribute can be included in the user's DN attributes using MC:
More information about the LDAP implementation can be found within this PR: #19758
This PR also includes a new CLI parameter for SFTP which lets the operator disable password authentication.
Additionally, we are experimenting with new suffixes for SFTP authentication. In order to force service account or LDAP authentication the user can authenticate with =ldap or =svc as suffixes to their usernames.
Motivation and Context
How to test this PR?
This repository: https://github.com/minio/minio-iam-testing includes an ldap setup with sftp keys.
Once configured, simply create a bucket and then upload a file using scp:
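An added example, not code from this PR or from MinIO: a sketch of the two checks the description implies, splitting the `=ldap` / `=svc` suffix off the login name and matching the client's offered key against the user's directory attribute by decoded key blob rather than by text line. It assumes the attribute holds authorized_keys-style values (`<type> <base64> [comment]`); the function names and sample values are hypothetical.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// splitAuthSuffix strips a trailing "=ldap" or "=svc" from an SFTP login name
// and returns the requested identity store ("" when no suffix was given).
func splitAuthSuffix(login string) (user, store string) {
	for _, s := range []string{"ldap", "svc"} {
		if strings.HasSuffix(login, "="+s) && len(login) > len(s)+1 {
			return strings.TrimSuffix(login, "="+s), s
		}
	}
	return login, ""
}

// keyBlob decodes the base64 field of an authorized_keys-style value
// ("<type> <base64> [comment]") into the raw SSH wire-format key.
// The attribute format is an assumption of this example.
func keyBlob(value string) ([]byte, error) {
	f := strings.Fields(value)
	if len(f) < 2 {
		return nil, errors.New("malformed public key value")
	}
	return base64.StdEncoding.DecodeString(f[1])
}

// ldapKeyMatches reports whether the key blob offered by the client equals
// any value of the user's public key attribute. Malformed values are skipped,
// and an empty offer never matches.
func ldapKeyMatches(offered []byte, attrValues []string) bool {
	for _, v := range attrValues {
		blob, err := keyBlob(v)
		if err == nil && len(offered) > 0 && bytes.Equal(blob, offered) {
			return true
		}
	}
	return false
}

func main() {
	blob := []byte("constructed-key-blob") // constructed sample, not a real key
	attr := "ssh-ed25519 " + base64.StdEncoding.EncodeToString(blob) + " alice@laptop"
	user, store := splitAuthSuffix("alice=ldap")
	fmt.Println(user, store, ldapKeyMatches(blob, []string{attr}))
}
```

Comparing the decoded blob means a differing comment or extra whitespace in the directory value does not cause a false mismatch, and a value that fails to parse is rejected instead of being compared as text.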