[Kea-users] Stork API Key
Stefan G. Weichinger
lists at xunil.at
Thu Dec 15 16:10:09 UTC 2022
On 15.12.22 at 16:44, Eric Graham wrote:
> Thanks, Rick, for the clarification. I dug into the code to double check
> that HTTP basic auth is not used.
>
> The API spec is here:
> https://gitlab.isc.org/isc-projects/stork/-/blob/aa1036c20dd32eaeaa9675b329d8b704dbeeb718/api/users-paths.yaml#L1-L33
>
> If basic auth were in use, there would be a security section as
> described here:
> https://swagger.io/docs/specification/authentication/basic-authentication/
>
> Here is the code that authenticates the user for the /session endpoint:
> https://gitlab.isc.org/isc-projects/stork/-/blob/aa1036c20dd32eaeaa9675b329d8b704dbeeb718/backend/server/restservice/users.go#L54-L68
>
> A use of the middleware to ensure the user is logged in before
> continuing the request:
> https://gitlab.isc.org/isc-projects/stork/-/blob/aa1036c20dd32eaeaa9675b329d8b704dbeeb718/backend/server/restservice/middleware.go#L269-L281
>
>
> In summary, the user provides a username (treated as an email if it
> contains '@' or a username otherwise) and a password, which maps to
> their identity. The password is hashed with PostgreSQL's |crypt|
> function and stored. That identity is tied to the session token, which
> is passed to the server in the session cookie upon any (authenticated)
> request and checked for equality and validity (+ expiration) in the
> database. Basic auth is not checked.
Thanks Rick, thanks Eric!
It's now my turn to figure out how to use this cookie-based approach in
n8n to auth my requests.
--
Aside from that, a bit off-topic in terms of Stork:
querying the ctrl-agent on one of my kea-servers seems to work
un-authenticated:
    curl -X POST -H "Content-Type: application/json" \
      -d '{ "command": "lease4-get-all", "arguments": { "subnets": [1] }, "service": [ "dhcp4" ] }' \
      http://10.0.0.230:8000/
But yes: off-topic in terms of the thread subject ;-)
And maybe related to some missing configuration on my side:
https://kea.readthedocs.io/en/kea-2.2.0/arm/agent.html#configuration
contains a block with:
"
    "authentication": {
        "type": "basic",
        "realm": "kea-control-agent",
        "clients": [
            {
                "user": "admin",
                "password": "1234"
            }
        ]
    }
"
while the example (home user .. so maybe not that safe) at
https://kea.readthedocs.io/en/kea-2.2.0/arm/config-templates.html
does not contain that "authentication" block (and that's where I copied
from).
So I assume I should add this to my config asap.
Thanks so far, Stefan
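
Added example, not part of the original message and not Kea project code: a small Python check that reads a Control Agent configuration and reports the condition described above (no "authentication" block on a non-loopback listener), plus two follow-on issues when the documentation's block is copied as-is. It assumes the file is strict JSON with comments removed; the function name, the placeholder-password list and the 12-character minimum are choices made for this example, and "cert-file" is the agent's TLS certificate parameter.

```python
import ipaddress
import json

# Constructed sample: no "authentication" block, listening on a LAN address.
SAMPLE_OPEN = '{"Control-agent": {"http-host": "10.0.0.230", "http-port": 8000}}'

# Constructed sample: the documentation's authentication block copied verbatim.
SAMPLE_DOC_AUTH = """
{ "Control-agent": {
    "http-host": "10.0.0.230", "http-port": 8000,
    "authentication": {
      "type": "basic", "realm": "kea-control-agent",
      "clients": [ { "user": "admin", "password": "1234" } ] } } }
"""

# Assumptions of this example, not Kea rules: placeholder list and minimum length.
PLACEHOLDER_PASSWORDS = {"1234", "password", "admin", "changeme"}
MIN_PASSWORD_LENGTH = 12


def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"


def audit_ctrl_agent(config_text):
    """Return (code, message) findings for a kea-ctrl-agent config (hypothetical helper)."""
    agent = json.loads(config_text).get("Control-agent", {})
    host = agent.get("http-host", "127.0.0.1")  # Kea's default listen address
    auth = agent.get("authentication") or {}
    clients = auth.get("clients") or []
    findings = []
    if auth.get("type") != "basic" or not clients:
        scope = "local processes" if is_loopback(host) else "any host that can reach " + host
        findings.append(("NO_AUTH", "commands accepted without credentials from " + scope))
    for client in clients:
        pw = client.get("password")
        if pw is not None and (len(pw) < MIN_PASSWORD_LENGTH or pw.lower() in PLACEHOLDER_PASSWORDS):
            findings.append(("WEAK_PASSWORD", "short or placeholder password for %r" % client.get("user")))
    if clients and not is_loopback(host) and "cert-file" not in agent:
        findings.append(("CLEARTEXT_AUTH", "basic-auth credentials cross the network over plain HTTP"))
    return findings


if __name__ == "__main__":
    for name, text in (("open", SAMPLE_OPEN), ("doc-auth", SAMPLE_DOC_AUTH)):
        print(name, audit_ctrl_agent(text))
```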