Security for OOD v1.8

Is it still possible to use Basic Auth with version 1.8? Alternatively, is there a way to set the default user with dex (rather than just ood)? I’m creating this on Azure and want something very simple when it will just be run for a single user (and would prefer not to set up ldap).


You can continue to use basic auth if you wish. Just uninstall or do not install ondemand-dex and continue to set the auth lines in ood_portal.yml to the required lines for basic auth. The ood-portal-generator no longer defaults to Basic Auth but it’s still possibly by specifying necessary auth lines.

We do not provide a mechanism in ood-portal-generator to specify additional users, the user we ship is ood@localhost. You can optionally generate /etc/ood/dex/config.yaml then make a copy and modify that copy to change the ood user to something else and the password either remains password or you have to generate a new bcrypt hash. It’s important to use a copy and not directly use /etc/ood/dex/config.yaml because ood-portal-generator will overwrite that file. If you want to start ondemand-dex with your custom config do something like this in /etc/systemd/system/ondemand-dex.service.d/config.conf:

ExecStart=/usr/sbin/ondemand-dex serve /etc/ood/dex/my-config.yaml

The above assumes you made a copy of YAML config at /etc/ood/dex/my-config.yaml. It must be readable by ondemand-dex user.