Next steps:

Certificate Generation:
- User account is created
- User can input SSH pubkey into profile page
- Keywarden creates signed SSH Certificate from User's pubkey and Keywarden CA

Grant:
- User requests access to target server
- Access request approved
- User has Linux account created and has key / cert trusted by target server
- User can log into account

Revocation:
- User's access expires or is revoked
- Keywarden removes key / cert from target server, or invalidates on Keywarden's side
- Keywarden removes object permissions
- User cannot access server anymore

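The certificate generation, grant and revocation steps above, sketched with OpenSSH's `ssh-keygen` as an added example; this is not Keywarden's own code, and the users, principal, serials and file names are constructed. It assumes revocation is published as a KRL and that the grant allows a shell but no forwarding.

```bash
#!/usr/bin/env bash
# Added example: the three phases above with OpenSSH's ssh-keygen.
# alice, web-admin, the serials and all file names are constructed.
set -eu
WORK="$(mktemp -d)"
KRL="$WORK/revoked.krl"

# One-time setup: the CA key pair. Target servers trust ca.pub
# through sshd_config's TrustedUserCAKeys.
make_ca() { ssh-keygen -q -t ed25519 -N '' -C example-ca -f "$WORK/ca"; }

# Stand-in for the pubkey a user pastes into the profile page.
make_user_key() { ssh-keygen -q -t ed25519 -N '' -C "$1" -f "$WORK/$1"; }

# Certificate generation + grant: sign <user>.pub for one principal
# (the Linux account), a short lifetime, and only a PTY (no forwarding).
#   $1 = user / key ID, $2 = principal, $3 = serial, $4 = validity
issue_cert() {
    ssh-keygen -q -s "$WORK/ca" -I "$1" -n "$2" -z "$3" -V "$4" \
        -O clear -O permit-pty "$WORK/$1.pub"   # writes <user>-cert.pub
}

# Revocation: add the certificate (by CA + serial) to a KRL that target
# servers load through sshd_config's RevokedKeys.
revoke_cert() {
    if [ -f "$KRL" ]; then
        ssh-keygen -q -k -u -f "$KRL" "$WORK/$1-cert.pub"
    else
        ssh-keygen -q -k -f "$KRL" "$WORK/$1-cert.pub"
    fi
}

# The KRL lookup sshd performs for RevokedKeys; any error counts as revoked.
# Expiry (-V) is enforced separately by sshd at login.
cert_state() {
    [ -f "$KRL" ] || { echo not-revoked; return; }
    if ssh-keygen -Q -f "$KRL" "$WORK/$1-cert.pub" >/dev/null 2>&1
    then echo not-revoked; else echo revoked; fi
}

make_ca
make_user_key alice
issue_cert alice web-admin 1 +1h
echo "after grant:      $(cert_state alice)"
revoke_cert alice
echo "after revocation: $(cert_state alice)"
ssh-keygen -L -f "$WORK/alice-cert.pub"   # key ID, serial, principals, validity, extensions
```

The short `-V` lifetime covers the "access expires" case without any server-side change; the KRL covers early revocation and has to reach every target server to take effect.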
Permissions:

Administrator:
- Everything

Auditor:
- Can exclusively view audit logs of servers they have access to via request.

User:


Access Requests:

- Can use Shell?
- Can view logs?
- Can have user account?