Add a command to authenticate a service account (access key) #19263
Comments
This command would not require any additional permissions for the service account to be run, as it would already be an implicit requirement for it to do whatever it would be already doing, e.g., listing the contents of a private bucket.
I think there is a security vulnerability here. If I find that the account exists, I can keep retrying the password and potentially hack into the account in theory. @harshavardhana
Currently, the MinIO client mc allows getting information about a given service account via the mc admin user svcacct info command. By parsing the content one can check whether a service account (a.k.a. access key) is active or does not exist, among other things.

I would like to suggest adding a new option to this command to be able to validate the credentials of a given service account, so that it would fail if the provided password (a.k.a. secret key) has changed. Example:

mc admin user svcacct auth ACCESSKEY SECRETKEY

This could return, for example, 0 if it succeeded, 1 if it failed and 2 if the service account does not exist.

Thanks.