Authentication for the registry can be handled by either the registry itself, LDAP or external JWT endpoint.
Additional external authentication providers (such as GitHub) can be used on top of this choice.
It is
highly recommended to require encrypted client passwords. External passwords used in the Docker client will be stored in
plaintext!
Enable this requirement now.
Note: The "Require Encrypted Client Passwords" feature is currently enabled which will
prevent passwords from being saved as plaintext by the Docker client.
Authentication: |
|
Keystone Authentication URL: |
The URL (starting with http or https) of the Keystone Server endpoint for auth.
|
Keystone Administrator Username: |
The username for the Keystone admin.
|
Keystone Administrator Password: |
The password for the Keystone admin.
|
Keystone Administrator Tenant: |
The tenant (project/group) that contains the administrator user.
|
JSON Web Token authentication allows your organization to provide an HTTP endpoint that
verifies user credentials on behalf of
.
Documentation
on the API required can be found here:
https://github.com/coreos/jwt-auth-example.
User Verification Endpoint: |
The URL (starting with http or https) on the JWT authentication server for verifying username and password credentials.
Credentials will be sent in the Authorization header as Basic Auth, and this endpoint should return 200 OK on success (or a 4** otherwise).
|
Authentication Issuer: |
The id of the issuer signing the JWT token. Must be unique to your organization.
|
Public Key: |
A certificate containing the public key portion of the key pair used to sign
the JSON Web Tokens. This file must be in PEM format.
|
LDAP URI: |
The full LDAP URI, including the ldap:// or ldaps:// prefix.
|
Base DN: |
A list of Distinguished Name pieces which forms the base path for
looking up all LDAP records.
Example: [dc=my,dc=domain,dc=com]
|
User Relative DN: |
A list of Distinguished Name pieces which forms the base path for
looking up all user LDAP records, relative to the Base DN defined above.
Example: [ou=employees]
|
Administrator DN: |
The Distinguished Name for the Administrator account. This account must be able to login and view the records for all user accounts.
Example: uid=admin,ou=employees,dc=my,dc=domain,dc=com
|
Administrator DN Password: |
Note: This will be stored in
plaintext inside the config.yaml, so setting up a dedicated account or using
a password hash is highly recommended.
The password for the Administrator DN.
|
UID Attribute: |
The name of the property field in your LDAP user records that stores your
users' username. Typically "uid".
|
Mail Attribute: |
The name of the property field in your LDAP user records that stores your
users' e-mail address(es). Typically "mail".
|
Custom TLS Certificate: |
If specified, the certificate (in PEM format) for the LDAP TLS connection.
|
Allow insecure: |
Allow fallback to non-TLS connections
If enabled, LDAP will fallback to insecure non-TLS connections if TLS does not succeed.
|