Panel authentication

From Luna Node
Revision as of 05:11, 29 June 2014 by Favyen Bastani (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Luna Node Dynamic supports two panel authentication methods: password and client-side certificate.

  • Password: this is your standard login functionality, where you enter your e-mail address and password, and then get access to the panel.
  • Client-side certificate: this uses client-side SSL certificates that are signed by the Luna Node Dynamic certificate authority. You register the certificate and your key into your computer, and then the server will be able to authenticate your certificate via SSL.

Authentication policies

There are three available authentication policies to determine how strict the server will be with logins for your account. These are configurable from the Account tab in the top right of the panel.

  • Any authentication method: if you enter your password successfully or client-side SSL certificate authentication succeeds, you will have access to the panel.
  • Both password and certificate: you will need to enter your password, and then also authenticate via SSL certificate in order to gain access.
  • Certificate, with password for unrecognized IPs: use client-side SSL certificate authentication only by default; however, if you attempt to login from an unrecognized IP address (i.e., one that you've not logged in from before), then you will need to also verify your password.

Setting up client-side SSL certificate


You will need OpenSSL or a similar tool installed in order to do this. These instructions are based on a gist by mtigas found on Github.

First, create a key and a CSR. We use 4096-bit key below for extra security since it doesn't hurt (and also since the guide used it).

openssl genrsa -des3 -out client.key 4096
openssl req -new -key client.key -out client.csr

Now, copy the contents of client.csr. Go to the Account tab, and under "Client-side certificates", paste the CSR and hit "Add client-side certificate".

Other operating systems

We currently don't have information for other operating systems. UNIX-based OS might work with the Linux instructions.