SSL-based Docker user authentication

Popularity: 628 Published: 2022-09-21 Tags: docker daemon

Problem description

I want to add authentication and authorization for the docker daemon for more security.

Use case:

Any command can be issued to the docker daemon only by a valid user, and that user has the rights to execute the command. Here I want to use LDAP for user authentication.

Q: Does docker have integration with LDAP for the above use case? If not, is there any workaround to do this?

I want help on how to proceed with this. Some starters will help.

Please advise me. Thanks for the answer!

Recommended answer

One way to protect the docker daemon is to give access to the socket file only to users who should have access. Docker uses a group called docker, so adding a user to this group gives access to all docker commands: gpasswd -a user docker. This, however, does not restrict the commands a user can run.

If you'd prefer LDAP authentication and restriction on commands, take a look at the Docker remote API, which is used internally by the docker client as well. You can use it to control the docker daemon, add your own authentication, restrictions on commands, etc.
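The per-command restriction described in the answer, sketched as an added example (not code from the original answer or from Docker): a default-deny check that a proxy in front of the remote API could run for each request. It assumes the proxy has already authenticated the user against LDAP and resolved their groups; the group names and the policy table are hypothetical.

```python
import re

# Constructed policy: LDAP group (hypothetical name) -> allowed (method, path regex).
# Paths are Docker Engine API endpoints. POST /containers/create is deliberately
# absent: its request body can ask for privileged mode or host bind mounts.
NAME = r"[A-Za-z0-9_.-]+"
POLICY = {
    "docker-readonly": [
        ("GET", r"/containers/json"),
        ("GET", rf"/containers/{NAME}/(json|logs|top)"),
        ("GET", r"/images/json"),
        ("GET", r"/(version|info|_ping)"),
    ],
    "docker-operators": [
        ("POST", rf"/containers/{NAME}/(start|stop|restart)"),
    ],
}

# The API accepts an optional version prefix such as /v1.41
VERSION_PREFIX = re.compile(r"^/v\d+\.\d+(?=/)")


def normalize(raw_path):
    """Strip query string and version prefix; return None for ambiguous paths."""
    path = raw_path.split("?", 1)[0]
    # Refuse anything the daemon might resolve differently from this check.
    if not path.startswith("/") or "//" in path or ".." in path or "%" in path:
        return None
    return VERSION_PREFIX.sub("", path, count=1)


def authorize(groups, method, raw_path):
    """Default deny: allow only if one of the user's groups lists this call."""
    path = normalize(raw_path)
    if path is None:
        return False
    for group in groups:
        for allowed_method, pattern in POLICY.get(group, []):
            if method == allowed_method and re.fullmatch(pattern, path):
                return True
    return False


if __name__ == "__main__":
    print(authorize(["docker-readonly"], "GET", "/v1.41/containers/json?all=1"))
    print(authorize(["docker-readonly"], "POST", "/containers/web_1/start"))
```

Such a check only holds if the proxy is the sole path to the daemon, so the socket file itself stays restricted as the answer describes.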
