-rw-r--r-- docs/objects-and-schemes | 24
-rw-r--r-- docs/stanford-naming | 97
2 files changed, 81 insertions, 40 deletions
diff --git a/docs/objects-and-schemes b/docs/objects-and-schemes index 97e6289..763a24b 100644 --- a/docs/objects-and-schemes +++ b/docs/objects-and-schemes @@ -10,17 +10,21 @@ Introduction Object Types - duo + duo-ldap + duo-pam + duo-radius + duo-rdp Stores the configuration for a Duo Security integration. Duo is a cloud provider of multifactor authentication services. A Duo integration consists of some local configuration and a secret key that permits verification of a second factor using the Duo cloud service. - Currently, only UNIX integrations are supported. In the future, this - object type will likely be split into several object types - corresponding to the supported types of Duo integrations. + Each of these types is the same except for the output, which is + specialized towards giving information in the format suited for a + specific application. - Implemented via Wallet::Object::Duo. + Implemented via Wallet::Object::Duo::PAM, Wallet::Object::Duo::RDP, + Wallet::Object::Duo::LDAPProxy, Wallet::Object::Duo::RadiusProxy. file @@ -33,6 +37,16 @@ Object Types Implemented via Wallet::Object::File. + password + + Stores a file with single password in it and allows retrieval of that + file. This is built on the file object and is almost entirely + identical in function. It adds the ability to automatically generate + randomized content if you get the object before it's been stored, + letting you get autogenerated passwords. + + Implemented via Wallet::Object::Password. + keytab Stores a keytab representing private keys for a given Kerberos diff --git a/docs/stanford-naming b/docs/stanford-naming index c86c820..cb05a23 100644 --- a/docs/stanford-naming +++ b/docs/stanford-naming 
@@ -90,27 +90,6 @@ Object Naming (OLD: <group>-<server>-htpasswd-<app>) - password-ipmi/<server> - - Stores the password for remote IPMI/iLO/ILOM access to the - system. - - (OLD: <group>-<server>-password-ipmi) - - password-root/<server> - - Stores the root password for a given server. - - (OLD: <group>-<server>-password-root) - - password-tivoli/<server> - - Stores the Tivoli TSM backup password for a given server. See - also tivoli-key/<server>, but depending on what one wants to do - with the password, this may be a better representation. - - (OLD: <group>-<server>-password-tivoli) - ssh-<type>/<server> Stores the SSH private key for <server>. For shared private keys @@ -197,20 +176,6 @@ Object Naming (OLD: <group>-<service>-gpg-key) - password/<group>/<service>/<name> - - A password for some account, service, keystore, or something - similar that is not covered by one of the more specific naming - conventions, such as a password used to connect to a remote ssh - service. <service> is the service that uses this password and - <name> is the thing the password is used for (such as the remote - account name). This may be a file containing only the password, - or a configuration file of some type that includes a field name - and the password. (However, use the db type described above for - database passwords.) - - (OLD: <group>-<server>-password-<account>) - properties/<group>/<service>[/<name>] The properties file for a Java application that contains some 
@@ -262,6 +227,68 @@ Object Naming <group>-<server>-pam-<app> <group>-<service>-puppetconf <group>-<service>-shibboleth + <group>-<server>-password-ipmi + <group>-<server>-password-root + <group>-<server>-password-tivoli + <group>-<server>-password-<account> + + Replaced by password objects: + + password-ipmi/<server> + password-root/<server> + password-tivoli/<server> + + password/<group>/<service>/<name> should be replaced by the password + service/<group>/<service>/<name> object if a single password, or by + the file object db/* or config/* format if the object contains more + than just the bare password. + + Password + + Passwords are a recent type and so most password data is actually + in file objects. However, we'd like to move things there both for + the added features of password objects to self-set, and because it + helps clean up the file namespace a little more. + + Host-based: + + ipmi/<server> + + Stores the password for remote IPMI/iLO/ILOM access to the + system. + + tivoli/<server> + + Stores the Tivoli TSM backup password for a given server. See + also tivoli-key/<server> in the file section, but depending on + what one wants to do with the password, this may be a better + representation. + + root/<server> + + Stores the root password for a given server. + + system/<server>/<account> + + Stores the password for a non-root system account, such as a user + required for file uploads. + + app/<server>/<application> + + Stores an application password bound to a certain server. + + Service-based: + + service/<group>/<service>/<name> + + A password for some account, service, keystore, or something + similar that is not covered by one of the more specific naming + conventions, such as a password used to connect to a remote ssh + service. <service> is the service that uses this password and + <name> is the thing the password is used for (such as the remote + account name). This should only be for something including the + password and nothing else. 
See the file password/ object name + for something that includes more data. ACL Naming |
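Review bot: in the first objects-and-schemes hunk, the "Implemented via" line lists four classes (Wallet::Object::Duo::PAM, ::RDP, ::LDAPProxy, ::RadiusProxy) in an order that does not match the four new object types (duo-ldap, duo-pam, duo-radius, duo-rdp), and the type-to-class mapping is not obvious for duo-ldap and duo-radius. Consider listing each type with its own class, e.g. "duo-ldap: Wallet::Object::Duo::LDAPProxy". The hunk also drops the plain "duo" type without saying whether existing "duo" objects keep working or must be recreated as one of the new types; a sentence on that would save operators a surprise.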
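Review bot: in the new "password" entry in objects-and-schemes, "Stores a file with single password in it" is missing an article ("a single password"). More importantly, the description of autogenerated content leaves out the two things a user of this feature needs to know: whether a generated password is stored on that first get (so later gets return the same value) and how it is generated (length and character set, or where that is configured). A short sentence on each would make the entry usable without reading Wallet::Object::Password.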
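Review bot: the last paragraph of the final stanford-naming hunk says "See the file password/ object name for something that includes more data", but the file-section password/<group>/<service>/<name> entry is deleted by this same patch (the @@ -197 hunk), and the deprecated list above says such objects should move to the db/* or config/* file formats instead. Suggest "See the file db/* or config/* conventions for something that includes more data." Also, under "Replaced by password objects:" the three names listed (password-ipmi/<server>, password-root/<server>, password-tivoli/<server>) are the old file-section names removed in the @@ -90 hunk, not the password object names defined below; listing ipmi/<server>, root/<server> and tivoli/<server>, or pairing each old name with its new one, would match the section that follows. Finally, "we'd like to move things there" has no antecedent for "there"; "move them into password objects" reads cleanly.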