mirror of
https://github.com/gogrlx/nats-server.git
synced 2026-04-13 17:58:00 -07:00
01057467cf
Similar as with clients, this makes it possible to
use the subject from a TLS certificate to validate
the permissions from a cluster member.
Currently only a single configured user is supported:
```
cluster {
tls {
cert_file = "./configs/certs/tlsauth/server.pem"
key_file = "./configs/certs/tlsauth/server-key.pem"
ca_file = "./configs/certs/tlsauth/ca.pem"
verify_and_map = true
timeout = 2
}
permissions {
publish {
allow = ["public.>"]
}
subscribe {
allow = ["public.>"]
}
}
authorization {
user = "CN=localhost,OU=NATS.io Operators"
}
}
```
Signed-off-by: Waldemar Quevedo <wally@synadia.com>
23 lines
1.3 KiB
Plaintext
23 lines
1.3 KiB
Plaintext
-----BEGIN CERTIFICATE-----
|
|
MIIDoTCCAomgAwIBAgIUKrcs29uAsjrZ53kR88U2UAiz2FgwDQYJKoZIhvcNAQEL
|
|
BQAwTDEkMCIGA1UEChMbU3luYWRpYSBDb21tdW5pY2F0aW9ucyBJbmMuMRAwDgYD
|
|
VQQLEwdOQVRTLmlvMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTkwMjE4MTgxOTAw
|
|
WhcNMjQwMjE3MTgxOTAwWjAwMRowGAYDVQQLExFOQVRTLmlvIE9wZXJhdG9yczES
|
|
MBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
|
|
AQEAv+qCDnauYy08xfxu5S9Lm9oRlhXn0XUS1S73WaA4Sgv+QYYRrDmsgjXTwiJ0
|
|
VEDO+IUBXtqO1NOUxfpjifGX6rTdtab+Kxe9hztCacSnaDKUd887qmDqmCXwKGxE
|
|
sz7loEliUMs/vlEsyTwpU6NjcIlKqlsOC8Jcyd4zffpPFmQuOnXzr59lHiX5/kAQ
|
|
UoAPdJHjk6AEwa8lEgMjuOWiilkQxRIHPUPiVgs0l4AMqJcdW5BPzbKSWpn4mSNP
|
|
QIY/2hTWNdroe6qOAqWbtxtV8IkaQQGoEhavRRdgb92LGv9tK3h8qW2x+Q/Ac+zh
|
|
RdXdUgDN2I2FhIh3aTepS29y+QIDAQABo4GWMIGTMA4GA1UdDwEB/wQEAwIFoDAd
|
|
BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV
|
|
HQ4EFgQUsi295rOWX4epJovs+SFWKL0M9NEwHwYDVR0jBBgwFoAUbwbb4b9Hyi/J
|
|
dmgKO0hyj272GsswFAYDVR0RBA0wC4IJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUA
|
|
A4IBAQBt+JD/POQavswoTezh7YtXaw2F3DFhOz3yGvcKXBG/wRafWPuEZCMjY1cx
|
|
EgjOxA5kHPcsMNjRtQGAuV+1EymWUhJCyUq109D4eSNzR3IwXP3FhVtZ71XxCl+c
|
|
qUatFWvfGaU30TAHwB/QcXhLsliEMOaKRr3yTgM2BaTjsaBSA0/s/JwQiHvF0n1R
|
|
YYP4G7BON8IzhjsD38KjUrlAXT24VzCcDyFDk2c434jQwOZVxqHidB3lBlOmjX1X
|
|
eRJcJx/YkE7ej70R2f2WhQfZkgeF3iX8Xa5a10vjIqXcI9DkVb3GwAjx6+XDekJI
|
|
j4uv6u+kCJxABz3EyggU4BEPEPNL
|
|
-----END CERTIFICATE-----
|