Nor is it authentication.
Comment on Just created my own zero trust network!
RunningInRVA@lemmy.world 5 weeks agoNone of these are client certificates btw. These are just ways to have your server use TLS encryption with any client that connects but it offers no authorization. If you want authorization with client certificates you need to implement mTLS (Mutual TLS).
SheeEttin@lemmy.zip 5 weeks ago
tux7350@lemmy.world 5 weeks ago
Oooo ya know I actually don’t know about these. I’ve done both A and B for my homelab and C for work.
Any good resources / insight into mTLS? I appreciate the response btw!
RunningInRVA@lemmy.world 5 weeks ago
Google?
tux7350@lemmy.world 5 weeks ago
Well ya know this is a forum and I was trying to engage in a friendly conversation to learn about something you brought up.
But yeah I know how to fucking Google lol
RunningInRVA@lemmy.world 5 weeks ago
Yes it’s a forum. But just because I corrected your error doesn’t mean I am obligated to do a whole fucking write up for you or go to google myself for you. Grow up.
possiblylinux127@lemmy.zip 5 weeks ago
www.youtube.com/watch?v=YhuWay9XJyw
You really should not expose stuff to the internet willy nilly. If you must you need to have extensive monitoring and security controls plus you should understand the application at a deep level.
tux7350@lemmy.world 5 weeks ago
Ahhh interesting video! I appreciate the post. I see the mTLS is more about authenticating who the client is outside the application.
Don’t worry, Im not just exposing thing willy nilly 🤣 For client-side authentication I use Authentik combined with 2FA, Duo, and fail2ban. Authentik provides identity management through LDAP to jellyfin and any sign in request goes to MFA and you get a Duo notification to approve. You can do other MFA, i just havent set it up.
Ive got a lot of family who use my server. Asking them to install a TSL cert on every machine would be impossible. My method also monitors all sign in requests. Setting up Authentik was a hugggeee game changer for me.