From cd21ab349e4a9c131991118f85366eaf7b0ca3b8 Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Tue, 3 Dec 2024 15:52:06 -0500 Subject: [PATCH] docs: motd and self-hosted db ca updates (#49709) --- .../self-hosted-introduction.mdx | 4 +- .../access-controls/authentication.mdx | 46 +++++++++++++++++++ 2 files changed, 48 insertions(+), 2 deletions(-) diff --git a/docs/pages/includes/database-access/self-hosted-introduction.mdx b/docs/pages/includes/database-access/self-hosted-introduction.mdx index da9db52cd28e3..5fcd5bd3e7f08 100644 --- a/docs/pages/includes/database-access/self-hosted-introduction.mdx +++ b/docs/pages/includes/database-access/self-hosted-introduction.mdx @@ -5,14 +5,14 @@ system](../../enroll-resources/database-access/rbac.mdx). The Teleport Database Service proxies traffic from database clients to self-hosted databases in your infrastructure. Teleport maintains a certificate -authority for database clients. You configure your database to trust the +authority (CA) for database clients. You configure your database to trust the Teleport database client CA, and the Teleport Database Service presents certificates signed by this CA when proxying user traffic. With this setup, there is no need to store long-lived credentials for self-hosted databases. Meanwhile, the Teleport Database Service verifies self-hosted databases by checking their TLS certificates against either the Teleport database CA or a -custom CA chosen by the user. +custom CA used with the database. In this guide, you will: diff --git a/docs/pages/reference/access-controls/authentication.mdx b/docs/pages/reference/access-controls/authentication.mdx index 3f99338ba2ea5..cd6f5f010e4c7 100644 --- a/docs/pages/reference/access-controls/authentication.mdx +++ b/docs/pages/reference/access-controls/authentication.mdx 
@@ -275,3 +275,49 @@ See [GitHub OAuth 2.0](../../admin-guides/access-controls/sso/github-sso.mdx) fo + +## Require displaying a message of the day + +Teleport can display a custom message of the day (MOTD) for users prior to authenticating +in the Teleport Web UI and CLI. + +### Self-Hosted + +Add the following to your Teleport configuration file, which is stored in +`/etc/teleport.yaml` by default. + +```yaml +auth_service: + message_of_the_day: | + Welcome to the Example Teleport Cluster + All activity is monitored and should follow organization policies +``` + +Restart the Teleport Auth Service instances to apply this change. + +### Teleport Enterprise Cloud/Dynamic + +Edit your `cluster_auth_preference` resource: + +```code +$ tctl edit cap +``` + +Ensure that the resource includes the `message_of_the_day` field: + +```yaml +kind: cluster_auth_preference +metadata: + name: cluster-auth-preference +spec: + message_of_the_day: | + Welcome to the Example Teleport Cluster + All activity is monitored and should follow organization policies + type: local + second_factor: "on" + webauthn: + rp_id: example.teleport.sh +version: v2 +``` + +Save and close the file in your editor to apply changes.
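Review bot: In the self-hosted-introduction.mdx hunk, the two paragraphs name two different authorities, "Teleport database client CA" and "Teleport database CA", and the new "(CA)" expansion on the first mention does not tell the reader that they are distinct. Consider saying explicitly that the database client CA signs the certificates the Teleport Database Service presents to the database, while the database CA (or a custom CA) is what the Database Service checks the database's own TLS certificate against. The replacement wording "custom CA used with the database" is also vague about that CA's role; something like "a custom CA that issued the database's TLS certificate" would say what is actually being verified.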
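Review bot: In the authentication.mdx hunk, the `cluster_auth_preference` example under "Teleport Enterprise Cloud/Dynamic" carries `type: local`, `second_factor: "on"` and `rp_id: example.teleport.sh` alongside `message_of_the_day`, so a reader who pastes the block into `tctl edit cap` can overwrite their existing authentication settings. Suggest either trimming the example to the `message_of_the_day` field or adding a sentence that the other fields are illustrative and should keep their current values. The heading "Require displaying a message of the day" also does not match the body, which says Teleport "can display" the message; the section should state whether users must acknowledge the message before authenticating, and the heading should follow from that.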