3.1.3 Ensure that the --insecure-allow-any-token argument is not set

Information

Do not allow any insecure tokens.

Rationale:

Accepting insecure tokens would allow any token without actually authenticating anything. User information is parsed from the token and connections are allowed.

Solution

Edit the deployment specs and remove '--insecure-allow-any-token'.

kubectl edit deployments federation-apiserver-deployment --namespace=federation-system

Impact:

None

See Also

https://workbench.cisecurity.org/files/1788

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2, CSCv6|16

Plugin: Unix

Control ID: 04f3452650f0fb2d0f4921d0505cc10a0f859dfc3dfd3ccaf19ad4894ea1c942