Hello, I'm interested in how much effort would be involved (and whether it's architecturally sensible) to extend the MC / Choria Authentication to include some sort of tiered auth, like 2Factor, or an LDAP / Kerberos password challenge. I was thinking it would be something you would opt in to, so certain certificates needed an extra challenge (and then I could give those certificates super access with the built in RBAC). Is that something that could be done inside MCollective, or would it have to happen at the middleware layer - you wouldn't even allow a message to enter NATS unless it passes the second challenge? What I wouldn't want is every MC Server to challenge a message individually... A second level of authentication added to a Federation Broker perhaps? Thoughts?
Thanks, -Luke -- --- You received this message because you are subscribed to the Google Groups "mcollective-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
