Version 2015.5.0-1454-g6b0044a
salt.auth.pki¶
Authenticate via a PKI certificate.
Note
This module is Experimental and should be used with caution
Provides an authenticate function that will allow the caller to authenticate a user via their public cert against a pre-defined Certificate Authority.
TODO: Add a 'ca_dir' option to configure a directory of CA files, a la Apache.
| depends: |
|
|---|
-
salt.auth.pki.auth(pem, **kwargs)¶ Returns True if the given user cert was issued by the CA. Returns False otherwise.
pem: a pem-encoded user public key (certificate)Configure the CA cert in the master config file:
external_auth: pki: ca_file: /etc/pki/tls/ca_certs/trusted-ca.crt