updated docs

[kfox1111]

The docs in the kubeconf section look outdated as compared to lower where it is talking about TokenRequests (implies you can use it as a kubectl auth plugin now)

[bjhaid]

@kfox1111 it's unclear which part of the doc you are referring to can you open a PR with a suggestion?

[kfox1111]

oh. I missed the line after the kubeconf saying it was a kubeconf for the apiserver, not the user's kubeconf.

Do you have a kubeconf example for users?

[bjhaid]

apiVersion: v1
clusters:
- cluster:
    server: https://kube.bar.com/
  name: bar
contexts:
- context:
    cluster: bar
    user: replace_with_username
  name: bar
current-context: bar
kind: Config
preferences: {}
users:
- name: replace_with_username
  user:
    as-user-extra: {}
    token: replace_with_token_from_received_from_pamhook

[kfox1111]

can it be used as a plugin ala:
"client-go credential plugins" section of https://kubernetes.io/docs/reference/access-authn-authz/authentication/ ?
If not, could be made to be?

[bjhaid]

can it be used as a plugin

yes

you will need to write something the makes an api call to pamhook to retrieve the token and then you use that as the exec portion of the user client config, there's nothing of that nature today

[kfox1111]

ok. thanks.

[bjhaid]

@kfox1111 if you are still interested I wrote an exec plugin here:

9106a69