| author | Jon Robertson <jonrober@stanford.edu> | 2015-02-17 12:27:04 -0800 |
|---|---|---|
| committer | Jon Robertson <jonrober@stanford.edu> | 2015-06-08 15:24:34 -0700 |
| commit | ac97f9268b927cec5af229f496b9dd66332445e4 (patch) | |
| tree | 7bf185d831f7ae86944c43b330262470cbf8e1a0 /docs/stanford-naming | |
| parent | f14bd8343010ad96104965029e36c5a65d231571 (diff) | |
Updated documentation for duo and password objects
The documentation now includes information about the Duo file types, and
the new password types. This is both the general information, and the
Stanford-specific naming docs.
Change-Id: Iae256224a063ce42f22cd933ef7bb3ab402e0e2d
Diffstat (limited to 'docs/stanford-naming')
-rw-r--r-- | docs/stanford-naming | 97 |
1 files changed, 62 insertions, 35 deletions
diff --git a/docs/stanford-naming b/docs/stanford-naming index c86c820..cb05a23 100644 --- a/docs/stanford-naming +++ b/docs/stanford-naming @@ -90,27 +90,6 @@ Object Naming (OLD: <group>-<server>-htpasswd-<app>) - password-ipmi/<server> - - Stores the password for remote IPMI/iLO/ILOM access to the - system. - - (OLD: <group>-<server>-password-ipmi) - - password-root/<server> - - Stores the root password for a given server. - - (OLD: <group>-<server>-password-root) - - password-tivoli/<server> - - Stores the Tivoli TSM backup password for a given server. See - also tivoli-key/<server>, but depending on what one wants to do - with the password, this may be a better representation. - - (OLD: <group>-<server>-password-tivoli) - ssh-<type>/<server> Stores the SSH private key for <server>. For shared private keys @@ -197,20 +176,6 @@ Object Naming (OLD: <group>-<service>-gpg-key) - password/<group>/<service>/<name> - - A password for some account, service, keystore, or something - similar that is not covered by one of the more specific naming - conventions, such as a password used to connect to a remote ssh - service. <service> is the service that uses this password and - <name> is the thing the password is used for (such as the remote - account name). This may be a file containing only the password, - or a configuration file of some type that includes a field name - and the password. (However, use the db type described above for - database passwords.) - - (OLD: <group>-<server>-password-<account>) - properties/<group>/<service>[/<name>] The properties file for a Java application that contains some 
@@ -262,6 +227,68 @@ Object Naming <group>-<server>-pam-<app> <group>-<service>-puppetconf <group>-<service>-shibboleth + <group>-<server>-password-ipmi + <group>-<server>-password-root + <group>-<server>-password-tivoli + <group>-<server>-password-<account> + + Replaced by password objects: + + password-ipmi/<server> + password-root/<server> + password-tivoli/<server> + + password/<group>/<service>/<name> should be replaced by the password + service/<group>/<service>/<name> object if a single password, or by + the file object db/* or config/* format if the object contains more + than just the bare password. + + Password + + Passwords are a recent type and so most password data is actually + in file objects. However, we'd like to move things there both for + the added features of password objects to self-set, and because it + helps clean up the file namespace a little more. + + Host-based: + + ipmi/<server> + + Stores the password for remote IPMI/iLO/ILOM access to the + system. + + tivoli/<server> + + Stores the Tivoli TSM backup password for a given server. See + also tivoli-key/<server> in the file section, but depending on + what one wants to do with the password, this may be a better + representation. + + root/<server> + + Stores the root password for a given server. + + system/<server>/<account> + + Stores the password for a non-root system account, such as a user + required for file uploads. + + app/<server>/<application> + + Stores an application password bound to a certain server. + + Service-based: + + service/<group>/<service>/<name> + + A password for some account, service, keystore, or something + similar that is not covered by one of the more specific naming + conventions, such as a password used to connect to a remote ssh + service. <service> is the service that uses this password and + <name> is the thing the password is used for (such as the remote + account name). This should only be for something including the + password and nothing else. 
See the file password/ object name + for something that includes more data. ACL Naming |
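Review bot: in the first hunk (@@ -90,27 +90,6 @@) the password-ipmi/<server>, password-root/<server> and password-tivoli/<server> entries are deleted from the file object section with nothing left behind to say where they went, even though the new Password section added later in this same patch states that "most password data is actually in file objects", so objects with exactly these names still exist in the store and are now undocumented. Suggest keeping a one-line stub in the file section, e.g. "password-ipmi/<server>, password-root/<server>, password-tivoli/<server>: deprecated, see the Password section", so that someone who finds one of these file objects can still locate its description and its migration target. The "(OLD: <group>-<server>-password-*)" mappings removed here do reappear in the deprecated-names list of the third hunk, so that part is covered.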
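Review bot: in the second hunk (@@ -197,20 +176,6 @@) deleting the file password/<group>/<service>/<name> entry also drops two pieces of guidance that do not reappear verbatim elsewhere in the patch: "use the db type described above for database passwords", and the description of the variant where the object is a configuration file holding a field name plus the password. It also leaves a dangling reference, because the service/<group>/<service>/<name> text added in the third hunk still ends with "See the file password/ object name for something that includes more data", i.e. it points at the entry this hunk removes. Either retain this entry marked deprecated, with a pointer to service/<group>/<service>/<name> for bare passwords and to db/* or config/* for anything richer, or fix that cross-reference in the same change.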
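Review bot: the third hunk (@@ -262,6 +227,68 @@) is internally inconsistent about where non-bare passwords go: the deprecated-names block says password/<group>/<service>/<name> "should be replaced by ... the file object db/* or config/* format if the object contains more than just the bare password", while the new service/<group>/<service>/<name> entry says "See the file password/ object name for something that includes more data"; the latter should read "see the db/* or config/* file objects". Two wording points in the same hunk: "the password service/<group>/<service>/<name> object" reads better as "the password object service/<group>/<service>/<name>", and in "we'd like to move things there" the antecedent of "there" is unclear and should be made explicit ("into password objects").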