Not sure what this is… any tips?
How do you use it?
It’s helpful to know where you saw this for me to be able to answer best. Just a pointer is probably all I’d need. It’s useful to me to find out a bit of context, it might change the way I go about answering the question.
This is related to enrollment. Every identity needs to be able to enroll with the OpenZiti controller. Generally speaking, we do this through either one-time tokens (the jwts) or via 3rd party CA. You can read about those on the doc site.
UPDB is effectively the “username password database”. I went hunting through source and the management.yaml file for a bit looking for clues to answer, but I didn’t find any that made me feel like I really understood the need for it. I’ve never used this type of enrollment myself! 
I’ll give you my educated guess and then find “the real” answer if I’m wrong.
I expect this allows an identity to be created and subsequently enrolled using nothing but a username and password. Generally speaking, we favor using tokens (JWTs) or 3rd party certs, and since that process is pretty easy, that’s all I’ve ever used myself.
1 Like
sure… I often just play around… and find something new to learn more about.
This time, I was creating an identity manually… and found the UPDB option under identity type… when you select it… it comes up with a UPDB username. I guess it needs to be connected to some type of identity management system
No, it's for use with OpenZiti. I don't see a way in the ZAC to set the password of that user. You can explore this in ziti cli with:
ziti edge create authenticator updb -h
Creates a updb authenticator for an identity which will allow the identity to authenticate with a username/password combination. If <password> is omitted it will be prompted for.
Usage:
ziti edge create authenticator updb <identityIdOrName> <username> [<password>] [flags]
Examples:
ziti edge controller create authenticator updb "David Bright" "dbright" "@$yh3Hh3h4"
Flags:
-h, --help help for updb
1 Like
Makes sense now… thanks