Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Display tokens/credentials for basic authentication? #140

Closed
southwolf opened this issue Mar 4, 2019 · 2 comments
Closed

Display tokens/credentials for basic authentication? #140

southwolf opened this issue Mar 4, 2019 · 2 comments

Comments

@southwolf
Copy link

Is your feature request related to a problem? Please describe.

K3s created a passwd file by

--basic-auth-file /var/lib/rancher/k3s/server/cred/passwd

The passwords are just randomly generated see code

and never displayed, no one can connect to the API using basic auth even if it's already set

Describe the solution you'd like

Display the passwords in setup logs

Describe alternatives you've considered

Let user input the password, if not, generate one.
@southwolf southwolf changed the title Listing tokens/credentials for basic authentication? Display tokens/credentials for basic authentication? Mar 4, 2019
@ibuildthecloud
Copy link
Contributor

When the server starts is always outputs a kubeconfig at /etc/rancher/k3s/k3s.yaml or where you configure it to with --write-kubeconfig .... In that file it uses basic auth. For example

users:
- name: default
  user:
    password: a36b883d48d0298713d009a2e9261378
    username: admin

We do purposely avoid printing any credentials in the logs or output because most people consider that a security issue. But in general the idea is you clients should just use the kubeconfig that is generated. And also the credential is random only on the first start. After that it won't change it.

@southwolf
Copy link
Author

@ibuildthecloud Thanks for the notice! I forgot to look into the kubeconfig. Mea culpa! Closing this issue.

@vicenteherrera vicenteherrera mentioned this issue Apr 1, 2020
Merged
@TrueCarry TrueCarry mentioned this issue Apr 4, 2021
Closed
@maxianwei maxianwei mentioned this issue May 13, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@southwolf @ibuildthecloud