Authentication for the registry can be handled by the registry itself, LDAP, or an external JWT endpoint.
Additional external authentication providers (such as GitHub) can be used on top of this choice.
It is highly recommended to require encrypted client passwords. External passwords used in the Docker client will be stored in plaintext!
Enable this requirement now.
Note: The "Require Encrypted Client Passwords" feature is currently enabled, which will prevent passwords from being saved as plaintext by the Docker client.
Authentication:
JSON Web Token authentication allows your organization to provide an HTTP endpoint that
verifies user credentials on behalf of
.
Documentation on the API required can be found here: https://github.com/coreos/jwt-auth-example.

User Verification Endpoint:
The URL (starting with http or https) on the JWT authentication server for verifying username and password credentials.
Credentials will be sent in the Authorization header as Basic Auth, and this endpoint should return 200 OK on success (or a 4xx status otherwise).

User Exists Endpoint:
The URL (starting with http or https) on the JWT authentication server for checking whether a username exists.
The username will be sent in the Authorization header as Basic Auth, and this endpoint should return 200 OK on success (or a 4xx status otherwise).

Authentication Issuer:
The ID of the issuer signing the JWT token. Must be unique to your organization.

Public Key:
A certificate containing the public key portion of the key pair used to sign the JSON Web Tokens. This file must be in PEM format.

LDAP URI:
The full LDAP URI, including the ldap:// or ldaps:// prefix.

Base DN:
A list of Distinguished Name pieces that forms the base path for looking up all LDAP records.
Example: [dc=my,dc=domain,dc=com]

User Relative DN:
A list of Distinguished Name pieces that forms the base path for looking up all user LDAP records, relative to the Base DN defined above.
Example: [ou=employees]

Administrator DN:
The Distinguished Name for the Administrator account. This account must be able to log in and view the records for all user accounts.
Example: uid=admin,ou=employees,dc=my,dc=domain,dc=com

Administrator DN Password:
The password for the Administrator DN.
Note: This will be stored in plaintext inside the config.yaml, so setting up a dedicated account or using a password hash is highly recommended.

UID Attribute:
The name of the property field in your LDAP user records that stores your users' username. Typically "uid".

Mail Attribute:
The name of the property field in your LDAP user records that stores your users' e-mail address(es). Typically "mail".
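
A pre-flight check for the settings described above, as an added example (not code from the registry or its documentation): it flags endpoints that would carry Basic Auth credentials over plain http, an LDAP URI without TLS, and the plaintext-storage cases the notes warn about, and shows how the User Relative DN and Base DN lists combine. The dictionary key names and sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values; the key names are hypothetical labels for the
# fields above, not the registry's real config.yaml keys.
SAMPLE = {
    "require_encrypted_client_passwords": False,
    "jwt_verify_endpoint": "http://auth.example.com/verify",
    "jwt_exists_endpoint": "https://auth.example.com/exists",
    "ldap_uri": "ldap://ldap.example.com",
    "base_dn": ["dc=my", "dc=domain", "dc=com"],
    "user_rdn": ["ou=employees"],
    "admin_dn_password": "constructed-secret",
}

def user_search_base(base_dn, user_rdn):
    """User Relative DN pieces go in front of the Base DN pieces."""
    return ",".join(list(user_rdn) + list(base_dn))

def lint_auth_settings(cfg):
    """Return (findings, user_search_base) for a dict of the settings."""
    findings = []
    if not cfg.get("require_encrypted_client_passwords", False):
        findings.append("client passwords: Docker client stores them in plaintext")
    for key in ("jwt_verify_endpoint", "jwt_exists_endpoint"):
        if key not in cfg:
            continue
        scheme = urlsplit(cfg[key]).scheme.lower()
        if scheme not in ("http", "https"):
            findings.append(f"{key}: URL must start with http or https")
        elif scheme == "http":
            # Basic Auth is only base64-encoded, so plain http exposes it.
            findings.append(f"{key}: Basic Auth credentials cross the network unencrypted")
    search_base = None
    if "ldap_uri" in cfg:
        scheme = urlsplit(cfg["ldap_uri"]).scheme.lower()
        if scheme not in ("ldap", "ldaps"):
            findings.append("ldap_uri: must include the ldap:// or ldaps:// prefix")
        elif scheme == "ldap":
            findings.append("ldap_uri: not TLS-wrapped, prefer ldaps://")
        search_base = user_search_base(cfg.get("base_dn", []), cfg.get("user_rdn", []))
        if cfg.get("admin_dn_password"):
            findings.append("admin_dn_password: plaintext in config.yaml, use a dedicated account")
    return findings, search_base

if __name__ == "__main__":
    for finding in lint_auth_settings(SAMPLE)[0]:
        print(finding)
```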