Skip to content
/ kubernetes-linotp-authn Public

A Simple Webhook server for integrating Kubernetes with OTP (One Time Password) authentication backed by LinOTP

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jtogrul/kubernetes-linotp-authn

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
Godeps
Godeps
 
 
auth
auth
 
 
models
models
 
 
README.md
README.md
 
 
config.yaml
config.yaml
 
 
example_request.sh
example_request.sh
 
 
kube-token-authr.go
kube-token-authr.go
 
 

Repository files navigation

Kubernetes OTP Authentication

This repository contains source code for a simple program I created to integrate OneTime Password authentication into Kubernetes. Right now the program only support LinOTP as a OTP backend The program is integrated with Kubernetes via Authentication Webhooks

How does it work

This program excepts authentication token that gets passed when sending a command to Kubernetes (i.e kubectl command) to be base64 encoding of username and one-time-password combination. For example, to generate a token for username john and with OTP password 123456 generated by LinOTP you have to Base64 encode "john:123456". That is am9objoxMjM0NTY= Now you should pass this token to your kubectl commands via --token flag.

kubectl get nodes --token am9objoxMjM0NTY=

Configuration

Use cases

  • To make authencation more secure
  • If you use a CI tool like Jenkins with manual user approves to deploy to Kubernetes OTP is perfect to preved passwords to be stored in logs etc.

Plan

  • Add more backends
  • Imrpove code
  • Dockerize
  • Create Kubernetes addon

About

A Simple Webhook server for integrating Kubernetes with OTP (One Time Password) authentication backed by LinOTP

Resources

Readme
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages