From ac97f9268b927cec5af229f496b9dd66332445e4 Mon Sep 17 00:00:00 2001 From: Jon Robertson Date: Tue, 17 Feb 2015 12:27:04 -0800 Subject: Updated documentation for duo and password objects The documentation now includes information about the Duo file types, and the new password types. This is both the general information, and the Stanford-specific naming docs. Change-Id: Iae256224a063ce42f22cd933ef7bb3ab402e0e2d --- docs/stanford-naming | 97 +++++++++++++++++++++++++++++++++------------------- 1 file changed, 62 insertions(+), 35 deletions(-) (limited to 'docs/stanford-naming') diff --git a/docs/stanford-naming b/docs/stanford-naming index c86c820..cb05a23 100644 --- a/docs/stanford-naming +++ b/docs/stanford-naming @@ -90,27 +90,6 @@ Object Naming (OLD: --htpasswd-) - password-ipmi/ - - Stores the password for remote IPMI/iLO/ILOM access to the - system. - - (OLD: --password-ipmi) - - password-root/ - - Stores the root password for a given server. - - (OLD: --password-root) - - password-tivoli/ - - Stores the Tivoli TSM backup password for a given server. See - also tivoli-key/, but depending on what one wants to do - with the password, this may be a better representation. - - (OLD: --password-tivoli) - ssh-/ Stores the SSH private key for . For shared private keys @@ -197,20 +176,6 @@ Object Naming (OLD: --gpg-key) - password/// - - A password for some account, service, keystore, or something - similar that is not covered by one of the more specific naming - conventions, such as a password used to connect to a remote ssh - service. is the service that uses this password and - is the thing the password is used for (such as the remote - account name). This may be a file containing only the password, - or a configuration file of some type that includes a field name - and the password. (However, use the db type described above for - database passwords.) - - (OLD: --password-) - properties//[/] The properties file for a Java application that contains some 
@@ -262,6 +227,68 @@ Object Naming --pam- --puppetconf --shibboleth + --password-ipmi + --password-root + --password-tivoli + --password- + + Replaced by password objects: + + password-ipmi/ + password-root/ + password-tivoli/ + + password/// should be replaced by the password + service/// object if a single password, or by + the file object db/* or config/* format if the object contains more + than just the bare password. + + Password + + Passwords are a recent type and so most password data is actually + in file objects. However, we'd like to move things there both for + the added features of password objects to self-set, and because it + helps clean up the file namespace a little more. + + Host-based: + + ipmi/ + + Stores the password for remote IPMI/iLO/ILOM access to the + system. + + tivoli/ + + Stores the Tivoli TSM backup password for a given server. See + also tivoli-key/ in the file section, but depending on + what one wants to do with the password, this may be a better + representation. + + root/ + + Stores the root password for a given server. + + system// + + Stores the password for a non-root system account, such as a user + required for file uploads. + + app// + + Stores an application password bound to a certain server. + + Service-based: + + service/// + + A password for some account, service, keystore, or something + similar that is not covered by one of the more specific naming + conventions, such as a password used to connect to a remote ssh + service. is the service that uses this password and + is the thing the password is used for (such as the remote + account name). This should only be for something including the + password and nothing else. See the file password/ object name + for something that includes more data. ACL Naming -- cgit v1.2.3
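Review bot: The second hunk (@@ -197,20 +176,6) deletes the password/// entry, but the service/ description added in the last hunk still ends with "See the file password/ object name for something that includes more data", so that cross-reference now points at an entry this patch removes. The "Replaced by password objects" paragraph in the same patch sends multi-field data to "the file object db/* or config/* format" instead. Suggest changing the closing sentence of the service/ entry to name db/* or config/*, so both passages give the same destination for objects that hold more than the bare password.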
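Review bot: In the last hunk (@@ -262,6 +227,68), the list under "Replaced by password objects:" gives only password-ipmi/, password-root/ and password-tivoli/, which are the names removed in the first hunk, and never says which new name each one becomes. The new entries further down are ipmi/, root/ and tivoli/, so a reader migrating an object has to infer the mapping. Suggest writing each line as an explicit old-to-new pair, in the same way the following paragraph does for password/// and service///. Separately, the sentence "we'd like to move things there both for the added features of password objects to self-set" in the Password introduction is hard to parse; consider stating directly what the self-set feature of password objects provides.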