There is an error in the teleport.yaml reference in regards to the authentication: type instructions. The instructions indicate that oidc, saml and false are valid options for Enterprise. However, setting type: false produces the following error on 6.2.3, preventing the service from starting:
ERROR: authentication type "false" not supported
The expectation when setting type false would be to disable local authentication as required by FedRAMP / FIPS as described in the yaml reference comments. This functionality is actually controlled by the parameter local_auth, which is not mentioned in the yaml reference file.
Request is to have the https://goteleport.com/docs/config-reference/ updated to remove references to type: false as an option and list the local_auth option as the appropriate method.
zmb3
commented
1 year ago
Details
There is an error in the teleport.yaml reference in regards to the authentication: type instructions. The instructions indicate that
oidc,samlandfalseare valid options for Enterprise. However, settingtype: falseproduces the following error on 6.2.3, preventing the service from starting:The expectation when setting type false would be to disable local authentication as required by FedRAMP / FIPS as described in the yaml reference comments. This functionality is actually controlled by the parameter
local_auth, which is not mentioned in the yaml reference file.Request is to have the https://goteleport.com/docs/config-reference/ updated to remove references to
type: falseas an option and list thelocal_authoption as the appropriate method.Request
Category