Expand/document remote tctl execution #1525
Comments
The CLI syntax is TBD
Where can we find the spec on what the format of a tctl file has to look like?
@MattiasGees sorry I'm not following. What do you mean by "tctl file"?
if you meant "config file" it's the same one
@klizhentas can we make the CLI identical between
i.e. it's "server" without "s" and it doesn't require https prefix. I would propose we make both forms acceptable
BTW I believe in Teleport you can do
Description
Sometimes it makes sense to execute a tctl command non-locally, e.g. see comment.
Tctl by design supports remote auth server execution, however there is no UX flow for this yet.
This issue specifies additional configuration flags and UX flow for those cases.
Auth sign
Auth sign will be extended to generate identity in the format understood by tctl.
Users will have to create a special admin user with defined roles and will be able to issue client certificates for auth server authentication:
The resulting identity.pem is a pair of x509 key and client certificate that could be used to communicate to the auth server.
Connecting to remote auth servers
Later on, users or robots can issue commands remotely:
--auth-servers flag is added to point to remote auth servers (right now, the list of auth servers is pulled from the config file)
--identity flag is added to point to the client certificate/key pair pem file for authentication
pem file also contains certificate authority to trust as issued by the auth server, so client can verify the identity of the auth servers it is connecting to
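An added example, not part of the issue or of Teleport's code: a pre-flight check for an identity file as the description characterises it (one private key, a client certificate and at least one CA certificate in a single PEM file, readable only by its owner). The exact block layout and the names `inspect_identity` and `write_sample` are assumptions; the sample bundles are constructed and hold placeholder bodies, not key material.

```python
import base64
import os
import re
import stat
import tempfile

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def inspect_identity(path):
    """Return a list of problems found in the identity bundle at `path`."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other bit exposes the private key
        problems.append(f"mode {mode:04o} is too permissive, expected 0600")
    with open(path, encoding="ascii", errors="replace") as fh:
        blocks = PEM_BLOCK.findall(fh.read())
    keys = certs = 0
    for label, body in blocks:
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append(f"{label} block is not valid base64")
            continue
        if label.endswith("PRIVATE KEY"):
            keys += 1
        elif label == "CERTIFICATE":
            certs += 1
    if keys != 1:
        problems.append(f"expected exactly 1 private key, found {keys}")
    if certs < 2:  # assumed layout: client cert followed by >= 1 CA cert
        problems.append(f"expected client cert plus CA cert(s), found {certs} certificate(s)")
    return problems

def write_sample(mode, labels):
    """Write a constructed bundle (placeholder bodies, no real key material)."""
    body = base64.b64encode(b"constructed placeholder, not key material").decode()
    text = "".join(f"-----BEGIN {name}-----\n{body}\n-----END {name}-----\n" for name in labels)
    fd, path = tempfile.mkstemp(suffix=".pem")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    good = write_sample(0o600, ["RSA PRIVATE KEY", "CERTIFICATE", "CERTIFICATE"])
    bad = write_sample(0o644, ["RSA PRIVATE KEY", "CERTIFICATE"])  # no CA, world-readable
    for p in (good, bad):
        print(p, inspect_identity(p) or "ok")
        os.remove(p)
```

The check only looks at structure and file mode; it does not verify that the certificate matches the key or chains to the CA.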