Docker user authentication against LDAP over SSL


Problem description

I want to add authentication and authorization for the docker daemon for more security.

Use case:

Any command can be issued to the docker daemon only by a valid user, and that user has the rights to execute the command. Here I want to use LDAP for user authentication.

Q: Does docker have integration with LDAP for the above use case? If not, is there any workaround to do this?

I want help on how to proceed with this. Some starters will help.

Please advise me. Thanks for the answer!

Recommended answer

One way to protect the docker daemon is to give access to the socket file only to users who should have access. Docker uses a group called docker, so adding a user to this group gives access to all docker commands: gpasswd -a user docker. This, however, does not restrict the commands a user can run.

If you'd prefer LDAP authentication and restriction on commands, take a look at the Docker remote API, which is used internally by the docker client as well. You can use it to control the docker daemon, add your own authentication, restrictions on commands, etc.
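
The command-restriction half of the approach in the answer above, as an added example that is not part of the original answer: a default-deny check a proxy in front of the remote API could run once it has authenticated the user against LDAP and looked up their groups. The group DNs and the policy table are constructed for illustration; the LDAP bind and the forwarding to the daemon are assumed to happen elsewhere.

```python
import re

# Constructed policy: LDAP group DN -> allowed (HTTP method, path regex) pairs.
# Paths follow the Docker remote API layout; the group DNs are hypothetical.
POLICY = {
    "cn=docker-readonly,ou=groups,dc=example,dc=com": [
        ("GET", r"/containers/json"),
        ("GET", r"/containers/[^/]+/(json|logs)"),
        ("GET", r"/images/json"),
    ],
    "cn=docker-operators,ou=groups,dc=example,dc=com": [
        ("GET", r"/containers/json"),
        ("POST", r"/containers/[^/]+/(start|stop|restart)"),
    ],
}

# Clients may prefix every path with an API version such as /v1.41.
_VERSION_PREFIX = re.compile(r"^/v\d+\.\d+(?=/)")


def normalize(path):
    """Drop the query string and optional /vX.Y prefix; reject odd paths."""
    path = path.split("?", 1)[0]
    if ".." in path or "//" in path or "%" in path:
        return None  # refuse traversal and anything that would need decoding
    return _VERSION_PREFIX.sub("", path)


def is_allowed(user_groups, method, path):
    """Default deny: allow only if one of the user's groups lists the request."""
    clean = normalize(path)
    if clean is None:
        return False
    for group in user_groups:
        for allowed_method, pattern in POLICY.get(group.lower(), []):
            if method.upper() == allowed_method and re.fullmatch(pattern, clean):
                return True
    return False
```

Anything not listed, including /containers/create and exec, is denied, so a new endpoint has to be added to a group's list before anyone can call it.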
