taigrr/nats.docs
1
0
Fork 0
mirror of https://github.com/taigrr/nats.docs synced 2025-01-18 04:03:23 -08:00
Code Issues Projects Releases Wiki Activity

Better explanation of jwt. Reorganizing files, adding links.

Browse Source 
Signed-off-by: Matthias Hanel <mh@synadia.com>
This commit is contained in:
Matthias Hanel
2020-03-30 02:47:23 -04:00
parent ded758e784
commit 7449aa6daa
19 changed files with 367 additions and 350 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
nats-server/configuration/sys_accounts/README.md
View File

@@ -1,6 +1,6 @@
# System Events and Services
NATS servers leverage [Accounts](../../configuration/securing_nats/auth_intro/accounts.md) support and generate events such as:
NATS servers leverage [Accounts](../../configuration/securing_nats/accounts.md) support and generate events such as:
* account connect/disconnect
* authentication errors
@@ -11,10 +11,10 @@ In addition the server supports a limited number of requests that can be used to
These events are enabled by configuring `system_account` and [subscribing/requesting](#Available-Events-and-Services) using a _system account_ user.
[Accounts](../../configuration/securing_nats/auth_intro/accounts.md) are used so that subscriptions from your applications, say `>`, do not receive system events and vice versa.
[Accounts](../../configuration/securing_nats/accounts.md) are used so that subscriptions from your applications, say `>`, do not receive system events and vice versa.
Using accounts requires either:
* [Configuring authentication locally](#Local-Configuration) and listing one of the accounts in `system_account`
* Or by using decentralized authentication and authorization via [jwt](../../configuration/securing_nats/auth_intro/jwt_auth.md) as shown in this [Tutorial](sys_accounts.md).
* Or by using decentralized authentication and authorization via [jwt](../../configuration/securing_nats/jwt/README.md) as shown in this [Tutorial](sys_accounts.md). In this case `system_account` contains the account public key.
## Available Events and Services
@@ -66,5 +66,7 @@ accounts: {
system_account: SYS
```
Please note that applications now have to authenticate such that a connection can be associated with an account.
In this example username and password were chosen for simplicity of the demonstration.
Subscribe to all system events like this `nats-sub -s nats://admin:changeit@localhost:4222 ">"` and observe what happens when you do something like `nats-pub -s "nats://a:a@localhost:4222" foo bar`.
Examples on how to use system services can be found [here](sys_accounts.md#System-Services).

2
nats-server/configuration/sys_accounts/sys_accounts.md
View File

@@ -50,7 +50,7 @@ The server configuration will need:
The only thing we don't have handy is the public key for the system account. We can get it easy enough:
```text
> nsc list accounts -W
> nsc list accounts
╭─────────────────────────────────────────────────────────────────╮
│ Accounts │
├──────┬──────────────────────────────────────────────────────────┤