Comments (5)
paulcallen
commented on May 20, 2024
@gabriel-samfira,
how would you envisage this working on Linux? On windows we have a cert store and so the client specifies a thumb print ID for it and windows can find it from there. On Linux my understanding is this is not the case and certs can be thrown all over the place.
I am guessing that specify the location of the cert file itself would be the best solution.
Thoughts?
from psl-omi-provider.
gabriel-samfira
commented on May 20, 2024
I think you have a few options here. It depends on how deep you want to go into this particular rabbit hole. On linux there are a few standard locations to store certificates and keys in. Commonly, trusted root certificates are stored in /etc/ssl/certs. This would be the equivalent of cert:\LocalMachine\Root.
Any keys you generally want to generate, should go in /etc/ssl/private (although this is not mandatory, especially in a multi-tenant deployment - which is the vast majority of Linux deployments).
There are other mechanisms to manage keys in Linux. Another commonly available application in any desktop Linux distribution is Seahorse, which also has a DBUS API, which allows users to query/watch user's keys. More info on that here: https://wiki.gnome.org/Apps/Seahorse/DBus . That however is desktop environment specific.
Another option would be to emulate the way OpenSSH does things. Have a $HOME/.x509 folder on the system, create a cert:\ PSDrive on top of that, and a very thin abstraction that allows powershell to query it the same way it queries the windows APIs.
Not familiar enough with powershell core code to know if this is feasible or not.
If specifying the physical location on disk to the certificate and corresponding key is the easiest and cleanest way to do it, I am all for it. :-)
from psl-omi-provider.
paulcallen
commented on May 20, 2024
thanks @gabriel-samfira. I appreciate your input.
from psl-omi-provider.
tam7t
commented on May 20, 2024
If specifying the physical location on disk to the certificate and corresponding key is the easiest and cleanest way to do it, I am all for it. :-)
I would second this. Most software that I use on linux just has you explicitly specify a file paths for PEM encoded cert and key.
see consul, kubectl, and etcdctl
from psl-omi-provider.
paulcallen
commented on May 20, 2024
@tam7t I appreciate your input.
Thanks.
Adding a reference to OMI issue as that is where this would need to get implemented first,
microsoft/omi#302
from psl-omi-provider.
Related Issues (20)
- 404 for Download Link HOT 1
- Deadlocks in PSSession stack after closed connection HOT 2
- Cannot do a Kerberos/Negotiate authentification on remote windows if winrm AllowUnencrypted set to "false" on remote
- linux client connection to windows 10 using basic auth and unencrypted traffic doesn't work (MI_RESULT_ACCESS_DENIED) HOT 10
- when Windows Server's 5985 port doesn't open, remoting will hang then timeout then crash HOT 1
- Basic Auth over HTTPS from reports MI_RESULT_ACCESS_DENIED HOT 1
- "TERM environment variable not set" when typing in "clear" HOT 1
- How do I setup authentication using local user credentials in Linux
- PowerShell Core Dbg.Assert when it unmarshals results from PSRP
- The SSL certificate is expired HOT 2
- Build error on Raspbian HOT 4
- Trying to copy file from Windows to Linux hangs
- Copy-Item -ToSession from WIndows to Linux corrupts the transferred file HOT 3
- Issue with connecting from SLES to Windows
- PSRP package not available for alpine/musl
- Intermittent hangs while establishing a WinRM connection from a Linux client to a Windows server HOT 1
- failed to load library: libcrypto.so.1.0.0 Debian 9.0 HOT 1
- Remote PS on SUSE 15
- This repository is outdated, please archive
- wondering if libpsrpclient has been distributed together with PowerShell?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from psl-omi-provider.