From ce3bc87f9e65f3aa44f3b53f9f84a72f0f4de7bb Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Thu, 4 Jan 2024 09:08:07 -0600 Subject: [PATCH] authelia: Reduce concent durations After considering the implications of Authelia's pre-configured consent feature, I decided I did not like the fact that a malicious program could potentially take over my entire Kubernetes cluster without my knowledge, since `kubectl` may not require any interaction, and could therefore be executed without my knowledge. I stopped ticking the "Remember Consent" checkbox out of paranoia, but that's gotten kind of annoying. I figure a good compromise is to only prompt for consent a couple of times per day. --- authelia/configuration.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/authelia/configuration.yml b/authelia/configuration.yml index 58d47e0..36eb89b 100644 --- a/authelia/configuration.yml +++ b/authelia/configuration.yml @@ -64,7 +64,7 @@ identity_providers: - email - offline_access authorization_policy: one_factor - pre_configured_consent_duration: 7d + pre_configured_consent_duration: 8h - id: kubernetes description: Kubernetes public: true @@ -72,7 +72,7 @@ identity_providers: - http://localhost:8000 - http://localhost:18000 authorization_policy: one_factor - pre_configured_consent_duration: 7d + pre_configured_consent_duration: 8h - id: 1b6adbfc-d9e0-4cab-b780-e410639dc420 description: MinIO secret: >- @@ -84,10 +84,10 @@ identity_providers: public: true redirect_uris: - http://127.0.0.1 - pre_configured_consent_duration: 7d + pre_configured_consent_duration: 8h - id: argocd description: Argo CD - pre_configured_consent_duration: 7d + pre_configured_consent_duration: 8h redirect_uris: - https://argocd.pyrocufflink.blue/auth/callback secret: >- @@ -95,7 +95,7 @@ identity_providers: - id: argocd-cli description: argocd CLI public: true - pre_configured_consent_duration: 7d + pre_configured_consent_duration: 8h audience: - argocd-cli redirect_uris: