Changes for several issues related to SFTP and LDAP #1252

djwfyi · 2024-06-20T21:34:39Z

Adds info the docs about recent changes to LDAP and SFTP authentication
Adds new config/envvar parameter
Adds new sftp option for server
Adds new example for forcing ldap or sa auth to SFTP
Adds new example for using certificate authority for auth to SFTP

Closes #1240
Closes #1229
Closes #1226
Closes #1208

Staged:

ravindk89

Something isn't clicking w/ the procedure to set up. A few open questions.

source/includes/k8s/file-transfer-protocol-k8s.rst

source/includes/linux/file-transfer-protocol-not-k8s.rst

source/reference/minio-server/minio-server.rst

Adds new config/envvar parameter Adds new sftp option for server Adds new example for forcing ldap or sa auth to SFTP Closes #1240 Closes #1229 Closes #1226

Closes #1208

feorlen

Words look good! I am very fuzzy on the mTLS bit, someone else may have more useful opinions there.

zveinn · 2024-07-10T15:16:08Z

LGTM

ravindk89

I wont hold the PR on this, but I'm still stumbling a bit on our presentation of the key requirements. If we can slightly clarify that now, great. Otherwise we can launch and then revise as necessary.

source/includes/k8s/file-transfer-protocol-k8s.rst

ravindk89 · 2024-07-10T15:28:22Z

source/includes/k8s/file-transfer-protocol-k8s.rst

+2. MinIO Server signed by the certificate authority
+3. User signed by the certificate authority for the client connecting by SFTP and located in the user's ``.ssh`` folder or equivalent for the operating system
+
+The keys must include a `principals list <https://man.openbsd.org/ssh-keygen#CERTIFICATES>`__ of the user(s) that can authenticate with the key:


All keys? Even the ones MinIO Server uses?

@zveinn Can you clarify?

djwfyi requested review from feorlen, ravindk89 and zveinn June 20, 2024 21:34

djwfyi self-assigned this Jun 20, 2024

ravindk89 requested changes Jun 24, 2024

View reviewed changes