Authserver¶
Purpose¶
This system will provide an OAuth2/OpenID Connect authentication server based on Ory Hydra.
Application Links¶
The public API is available at https://authserver.cacert.org/
The internal API is available to the IDP at https://authserver.infra.cacert.org:4445/
Administration¶
System Administration¶
Primary: Jan Dittberner
Application Administration¶
Application | Administrator(s)
---|---
Ory Hydra |
Contact¶
Additional People¶
No additional people have sudo access on that machine.
Basics¶
Physical Location¶
This system is located in an LXC container on physical machine Infra03.
Logical Location¶
- IP Internet:
- IP Intranet:
- IP Internal:
- IPv6:
- MAC address: 00:ff:8f:62:0d:36 (eth0)
See also
See Network
Monitoring¶
- internal checks:
- external checks:
DNS¶
Todo
setup public DNS for authserver
Name | Type | Content
---|---|---
authserver.infra.cacert.org | IN A | 10.0.3.16
See also
Operating System¶
Debian GNU/Linux 11 Bullseye
Services¶
Listening services¶
Port | Service | Origin | Purpose
---|---|---|---
22/tcp | ssh | ANY | admin console access
25/tcp | smtp | local | mail delivery to local MTA
5665/tcp | icinga2 | monitor | remote monitoring service
Todo
setup Hydra and add ports
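The script below is an added example, not part of the original CAcert documentation and not code from the Ory Hydra project. It turns the listening-services table above into a check a sysadmin can run after changes: it parses `ss -Hltnp` output, reports any listener that is not in the documented table (for instance the Hydra admin API on port 4445 from the internal URL above, until that port is added to the table), and reports any service documented with origin `local` that is bound to a non-loopback address. The `ss` output, the `DOCUMENTED` mapping and the finding messages are constructed here for illustration; nothing in it was captured from the real host.

```python
from __future__ import annotations

import re
import subprocess
from dataclasses import dataclass

# Documented listening services, copied from the table on this page.
# Hydra's ports are deliberately absent: the page's own todo says they
# still have to be added once the service is set up.
DOCUMENTED = {
    (22, "tcp"): ("ssh", "ANY"),
    (25, "tcp"): ("smtp", "local"),
    (5665, "tcp"): ("icinga2", "monitor"),
}

# Constructed sample of `ss -Hltnp` output (assumption: this is what the
# host might show after Hydra is installed; it is not real captured output).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=512,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=512,fd=4))
LISTEN 0 20 127.0.0.1:25 0.0.0.0:* users:(("exim4",pid=640,fd=5))
LISTEN 0 128 0.0.0.0:5665 0.0.0.0:* users:(("icinga2",pid=701,fd=12))
LISTEN 0 4096 0.0.0.0:4445 0.0.0.0:* users:(("hydra",pid=902,fd=7))
"""

# Local address column looks like 0.0.0.0:22, [::]:22 or *:22.
LOCAL_ADDR_RE = re.compile(r"^(?P<addr>\S+):(?P<port>\d+)$")
# Process column looks like users:(("sshd",pid=512,fd=3)).
PROC_RE = re.compile(r'users:\(\("(?P<proc>[^"]+)"')


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    proto: str
    process: str


def parse_ss(output: str, proto: str = "tcp") -> list[Listener]:
    """Parse `ss -Hltnp`-style lines into Listener records."""
    listeners: list[Listener] = []
    for line in output.splitlines():
        fields = line.split()
        # Columns: State Recv-Q Send-Q Local Peer Process
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        m = LOCAL_ADDR_RE.match(fields[3])
        if not m:
            continue
        proc = PROC_RE.search(line)
        listeners.append(
            Listener(m["addr"], int(m["port"]), proto, proc["proc"] if proc else "?")
        )
    return listeners


def audit(listeners: list[Listener], documented=DOCUMENTED) -> list[str]:
    """Compare live listeners against the documented table.

    Two kinds of findings: a port nobody documented, and a port documented
    as local-only that is reachable from the network.
    """
    findings: list[str] = []
    for l in listeners:
        entry = documented.get((l.port, l.proto))
        if entry is None:
            findings.append(
                f"undocumented listener {l.port}/{l.proto} ({l.process}) bound to {l.addr}"
            )
            continue
        _, origin = entry
        if origin == "local" and not l.addr.startswith(("127.", "[::1]")):
            findings.append(
                f"{l.port}/{l.proto} documented as local-only but bound to {l.addr}"
            )
    return findings


def audit_live_host() -> list[str]:
    """Run the check against the local machine (requires iproute2's `ss`)."""
    out = subprocess.run(["ss", "-Hltnp"], capture_output=True, text=True, check=True).stdout
    return audit(parse_ss(out))


if __name__ == "__main__":
    # Demonstrate on the constructed sample rather than the real host.
    for finding in audit(parse_ss(SAMPLE_SS_OUTPUT)):
        print(finding)
```

Running it as root (`ss -p` needs privileges to map sockets to processes) with `audit_live_host()` instead of the sample gives the list of discrepancies to either fix or add to the table; an empty list means the host matches its documentation.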
Running services¶
Service | Usage | Start mechanism
---|---|---
cron | job scheduler | systemd unit
dbus-daemon | system message bus | systemd unit
Exim | SMTP server for local mail submission | systemd unit
icinga2 | Icinga2 monitoring agent | systemd unit
openssh server | ssh daemon for remote administration | systemd unit
Puppet agent | configuration management agent | systemd unit
rsyslog | syslog daemon | systemd unit
Todo
setup and document Hydra service
Connected Systems¶
Outbound network connections¶
Security¶
SSH host keys¶
Algorithm | Fingerprints
---|---
RSA |
DSA | -
ECDSA |
ED25519 |
See also
Non-distribution packages and modifications¶
Todo
document Hydra installation
Risk assessments on critical packages¶
The Puppet agent package and a few dependencies are installed from the official Puppet APT repository because the versions in Debian are too old to use modern Puppet features.
Critical Configuration items¶
Keys and X.509 certificates¶
Hydra configuration¶
Tasks¶
Changes¶
Planned¶
Todo
install Hydra
Additional documentation¶
See also