Closed tvojacek closed 8 months ago
Is there better solution?
We would need to look at adding more formal support in the remote leaf options for soliciting servers.
@derekcollison - has there been any progress on authenticating leafnode remotes
using nkeys
(without requiring a jwt
)? I've been looking through the docs and haven't found anything on how to do this and am wondering if something changed since this was from a while ago.
Unfortunately we have not had time to properly look at it, we have been very busy with other higher priority items. Apologies.
Understood, thanks for the reply. I'll add my +1
for this functionality. And it would also be nice to allow a no_auth_user
type functionality with nkeys
😄
That should be possible today I believe no?
I tried the following config and get nats-server: no_auth_user: "UDFZIB2HFBKTJYGHXIUFUJ3GMCXTNRNELS5BK42JPKUX6MUKHG6PRDOA" present, but users are not defined
:
accounts {
SYS: {
users: [{nkey: UDAOQO6KTPA24Y3VO7ZCBLXIXZHZB6NRT7NGIGW3EFAED7EAXDFVHGTH}]
},
LEAF1: {
users: [{nkey: UDFZIB2HFBKTJYGHXIUFUJ3GMCXTNRNELS5BK42JPKUX6MUKHG6PRDOA}]
jetstream: enabled
}
}
system_account: SYS
no_auth_user: UDFZIB2HFBKTJYGHXIUFUJ3GMCXTNRNELS5BK42JPKUX6MUKHG6PRDOA
And then these docs say:
Please note that the no_auth_user will not work with nkeys. The user referenced can also be part of the authorization block.
Am I configuring it incorrectly?
ok I was incorrect then.. Will be good to add, will not make it for 2.10.8, but can see for 2.10.9.
Awesome! Thank you for getting this done, this really helps and is greatly appreciated! Just tested and working as expected 😄
Is it possible to add to docs sample config with leaf nodes secured by nkey? I have found ugly solution using credential file but it require pretense of JWT token. I kept JWT token from docs and put correct USER NKEY SEED there. Is there better solution?
on leafnode
nats.conf
where
server.creds
is copy of example creds from docsServer config for reference: