mirror of https://github.com/taigrr/nats.docs synced 2025-01-18 04:03:23 -08:00

GitBook: [master] 61 pages modified

This commit is contained in:
Ginger Collison
2020-04-10 14:41:07 +00:00
committed by gitbook-bot
parent ed6c1ba06d
commit de933e912d
61 changed files with 348 additions and 378 deletions


@@ -6,7 +6,7 @@ The NATS server provides various ways of authenticating clients:
* [Username/Password credentials](username_password.md)
* [TLS Certificate](tls_mutual_auth.md)
* [NKEY with Challenge](nkey_auth.md)
* [Decentralized JWT Authenticatin/Authorization](../jwt/README.md)
* [Decentralized JWT Authenticatin/Authorization](../jwt/)
Authentication deals with allowing a NATS client to connect to the server. Except for JWT authentication, authentication and authorization are configured in the `authorization` section of the configuration.
@@ -19,7 +19,7 @@ The `authorization` block provides _authentication_ configuration as well as _au
| [`token`](tokens.md) | Specifies a global token that can be used to authenticate to the server \(exclusive of user and password\) |
| [`user`](username_password.md) | Specifies a single _global_ user name for clients to the server \(exclusive of token\) |
| [`password`](username_password.md) | Specifies a single _global_ password for clients to the server \(exclusive of `token`\) |
| `users` | A list of [user configuration](#user-configuration-map) maps |
| `users` | A list of [user configuration](./#user-configuration-map) maps |
| [`timeout`](auth_timeout.md) | Maximum number of seconds to wait for client authentication |
For multiple username and password credentials, specify a `users` list.
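Review bot: the rewritten list item `* [Decentralized JWT Authenticatin/Authorization](../jwt/)` carries over the misspelling "Authenticatin" from the old line; since the line is already being changed, correct it to "Authentication" in the same commit. The switch to `../jwt/` and `./#user-configuration-map` is fine on the assumption that the GitBook renderer resolves a directory link to its README and a `./#` fragment to the current page, which is how the rest of this batch of link rewrites reads.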


@@ -58,3 +58,4 @@ const nc = NATS.connect({
```
The client provides a function that it uses to parse the seed \(the private key\) and sign the connection challenge.


@@ -28,9 +28,7 @@ Or via the command line:
> ./nats-server --tlsverify --tlscert=server-cert.pem --tlskey=server-key.pem --tlscacert=rootCA.pem
```
This option verifies the client's certificate is signed by the CA specified in the `ca_file` option.
When `ca_file` is not present it will default to CAs in the system trust store.
It also makes sure that the client provides a certificate with the extended key usage `TLS Web Client Authentication`.
This option verifies the client's certificate is signed by the CA specified in the `ca_file` option. When `ca_file` is not present it will default to CAs in the system trust store. It also makes sure that the client provides a certificate with the extended key usage `TLS Web Client Authentication`.
## Mapping Client Certificates To A User
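Review bot: the merged paragraph is a pure reflow with no wording change, but while the text is being touched the sentence `When `ca_file` is not present it will default to CAs in the system trust store.` deserves a sharper caveat: with `verify` enabled and no `ca_file`, any client certificate that chains to a CA already in the host's trust store is accepted as a valid client, so operators running mutual TLS should be told to set `ca_file` to their own issuing CA explicitly rather than rely on the default. The extended key usage named in the last sentence, `TLS Web Client Authentication`, is the OpenSSL display name for the clientAuth purpose; saying so would help readers match it against their certificate issuance profile.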
@@ -50,9 +48,9 @@ tls {
> Note that `verify` was changed to `verify_and_map`.
When present, the server will check if a Subject Alternative Name \(SAN\) maps to a user. It will search all email addresses first, then all DNS names. If no user could be found, it will try the certificate subject.
When present, the server will check if a Subject Alternative Name \(SAN\) maps to a user. It will search all email addresses first, then all DNS names. If no user could be found, it will try the certificate subject.
> Note: This mechanism will pick the user it finds first. There is no configuration to restrict this.
> Note: This mechanism will pick the user it finds first. There is no configuration to restrict this.
```text
$ openssl x509 -noout -text -in client-cert.pem
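Review bot: both changed line pairs in this hunk are identical in content, so the change is whitespace only (trailing spaces or line endings) and there is nothing to object to in the edit itself; the note `This mechanism will pick the user it finds first. There is no configuration to restrict this.` would, however, benefit from spelling out the consequence for readers. Given the search order stated just above (all email SANs, then all DNS SANs, then the subject), a certificate carrying several SANs that each map to a configured user is silently bound to whichever matches first, so client certificates intended for `verify_and_map` should carry a single identity that corresponds to exactly one user.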
@@ -87,8 +85,7 @@ Certificate:
...
```
> Note that for this example to work you will have to modify the user to match what is in your certificates subject.
> In doing so, watch out for the order of attributes!
> Note that for this example to work you will have to modify the user to match what is in your certificates subject. In doing so, watch out for the order of attributes!
The configuration to authorize this user would be as follows:
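Review bot: the joined note still reads `what is in your certificates subject`; since the line is being rewritten anyway, make it `certificate's subject`. The warning `watch out for the order of attributes!` suggests the user name is compared against the subject as a single string rather than attribute by attribute; stating that outright, alongside the `openssl x509 -noout -text` output shown above, would explain why the order matters and save readers a failed mapping.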