97 lines
2.1 KiB
Markdown
97 lines
2.1 KiB
Markdown
# uotp
|
|
|
|
**uotp** is a full blown authentication and authorisation service
|
|
made for micro services.
|
|
The basic idea is that every micro service has a (long term) triple
|
|
constisting of (name, realm, seed) and creates time based tokens.
|
|
This basically revamps Kerberos in a simple way into the web area.
|
|
uotp has been created and is maintained by ungleich.
|
|
|
|
**Technologies Used**
|
|
|
|
* Flask
|
|
* PyOTP
|
|
* Etcd
|
|
|
|
## Installation
|
|
### Alpine
|
|
|
|
```shell
|
|
# Update and Upgrade
|
|
cat > /etc/apk/repositories << EOF
|
|
https://mirror.ungleich.ch/mirror/packages/alpine/edge/main
|
|
https://mirror.ungleich.ch/mirror/packages/alpine/edge/community
|
|
https://mirror.ungleich.ch/mirror/packages/alpine/edge/testing
|
|
EOF
|
|
apk update
|
|
apk upgrade
|
|
|
|
# Install Dependencies
|
|
apk add python3 git etcd etcd-ctl py3-grpcio
|
|
|
|
curl https://raw.githubusercontent.com/etcd-io/etcd/release-3.4/etcd.conf.yml.sample -o /etc/etcd/conf.yml
|
|
|
|
pip3 install git+https://code.ungleich.ch/ungleich-public/uotp.git@master
|
|
|
|
|
|
service etcd start
|
|
```
|
|
|
|
Create `/etc/uotp/uotp.conf` with something like the following
|
|
configuration
|
|
|
|
```
|
|
BASE_PREFIX=/uotp/
|
|
ADMIN_REALM=ungleich-admin
|
|
AUTH_REALM=ungleich-auth
|
|
PORT=8000
|
|
```
|
|
|
|
and run **uotp** with the following command
|
|
|
|
```
|
|
uotp
|
|
```
|
|
|
|
|
|
## Usage
|
|
|
|
#### Get Admin Credentials
|
|
|
|
Run the following commands in your uotp directory
|
|
```shell
|
|
uotp-client get-admin
|
|
```
|
|
|
|
#### Create Auth Account (or any account)
|
|
|
|
Run the following command in your uotp directory:
|
|
```shell
|
|
uotp-client create \
|
|
--name auth --realm ungleich-auth \
|
|
--admin-name admin --admin-realm ungleich-admin \
|
|
--admin-seed admin_seed_here
|
|
```
|
|
|
|
In response, you would get a JSON object containing Message and
|
|
Credentials of newly created account.
|
|
|
|
#### List All Accounts with credentials
|
|
```shell
|
|
uotp-client list \
|
|
--admin-name admin_name_jere --admin-realm admin_realm_here \
|
|
--admin-seed admin_seed_here
|
|
```
|
|
|
|
#### Verify OTP Credentials
|
|
```shell
|
|
uotp-client verify \
|
|
--name user_name_here --realm user_realm_here \
|
|
--seed user_seed_here --auth-name auth_name_here \
|
|
--auth-realm auth_realm_here --auth-seed auth_seed_here
|
|
```
|
|
|
|
#### Delete OTP Account
|
|
|
|
TODO
|