Add client certificate auth page #8105
Conversation
|
... |
| certificates for each client. Sites in this category have an existing PKI | ||
| infrastructure, possibly including an onsite CA. | ||
|
|
||
| This feature is *not* appropriate for sites that would need to generate a set of |
There was a problem hiding this comment.
I don't think we need to emphasize "not"
There was a problem hiding this comment.
Again, we're trying to steer users away from this page. Only 1 in 500 sites will need it.
There was a problem hiding this comment.
In other places we use strongly suggest etc. With bold. I suggest we stick with the bold convention for any emphasis.
There was a problem hiding this comment.
I am in favour of leaving as is. "Strongly suggest" just feels too weak..
|
|
||
| Trino can be configured to support certified clients seeking validation from a | ||
| Trino server. This authentication method is only provided to support sites that | ||
| have an absolute requirement for client authentication *and already have* client |
There was a problem hiding this comment.
Is there guidance in the Google Dev TW guide about emphasizing sentences using italics? I'm not sure its necessary: https://developers.google.com/style/text-formatting
There was a problem hiding this comment.
It is very necessary to make sure our readers know they must already have client certs, or they're barking up the wrong tree. Now, I'm open to suggestions on how we go about designating that making-sure. Goog allows emphasis to "draw attention to a specific word or phrase," so that appears to fit.
There was a problem hiding this comment.
If its a blocker then wouldn't a caution/notice of some form be better to draw emphasis? https://developers.google.com/style/notices
There was a problem hiding this comment.
OK, you've swayed me. I put an Important note in the JWT page to narrow the readership, and so there should be one here. Caution, Notice, and Warning are all too strong -- they won't lose data if they configure cert auth, only time and brain cells.
There was a problem hiding this comment.
In other places we use strongly suggest etc. With bold. I suggest we stick with the bold convention for any emphasis.
That having been said, I would also feel better about this being a separate callout in a warning if it is indeed that dire.
|
|
||
| This feature is *not* appropriate for sites that would need to generate a set of | ||
| client certificates in order to use this authentication method. Starburst | ||
| recommends instead configuring one of the password-based authentication methods, |
There was a problem hiding this comment.
This sentence reads awkwardly to me, would a list work better since its a grouping of 3 alternatives?
There was a problem hiding this comment.
+1. Also, it's better to emphasis what they should do rather than give a visual bump to a no-no.
| Certificate authentication | ||
| ========================== | ||
|
|
||
| Trino can be configured to support certified clients seeking validation from a |
There was a problem hiding this comment.
"certified clients" sounds wrong.
maybe more like (need tweaking)
Trino can be configured to allow clients to authenticate with a certificate that is supplied upon connection
There was a problem hiding this comment.
"You can configure Trino to support client-provided certificates validated by the Trino server on initial connection."
| ========================== | ||
|
|
||
| Trino can be configured to support certified clients seeking validation from a | ||
| Trino server. This authentication method is only provided to support sites that |
|
|
||
| Trino can be configured to support certified clients seeking validation from a | ||
| Trino server. This authentication method is only provided to support sites that | ||
| have an absolute requirement for client authentication *and already have* client |
There was a problem hiding this comment.
requirement for client authentication? certificate authentication would be right here I think
| Trino can be configured to support certified clients seeking validation from a | ||
| Trino server. This authentication method is only provided to support sites that | ||
| have an absolute requirement for client authentication *and already have* client | ||
| certificates for each client. Sites in this category have an existing PKI |
| Trino server. This authentication method is only provided to support sites that | ||
| have an absolute requirement for client authentication *and already have* client | ||
| certificates for each client. Sites in this category have an existing PKI | ||
| infrastructure, possibly including an onsite CA. |
|
|
||
| http-server.authentication.type=CERTIFICATE,PASSWORD | ||
|
|
||
| The following configuration properties for ``etc/config.properties`` are also |
There was a problem hiding this comment.
omit "for etc/config.properties"
There was a problem hiding this comment.
I left "also" in unless you object again, because this table is not all properties for cert auth. It does not repeat the auth.type=CERT property above. Thus, the following are also available.
| infrastructure, possibly including an onsite CA. | ||
|
|
||
| This feature is *not* appropriate for sites that would need to generate a set of | ||
| client certificates in order to use this authentication method. Starburst |
There was a problem hiding this comment.
This Trino. Not Starburst.
|
One commit was an inadvertent merge, so this PR won't squash cleanly with git rebase. Closing this PR to make a new one with only the most recent changes. |
No description provided.