docs: update no-macaroons option in macaroon
This commit is contained in:
parent
3a3b5413b9
commit
86d5facaa2
@ -146,7 +146,7 @@ type Config struct {
|
|||||||
TLSExtraDomains []string `long:"tlsextradomain" description:"Adds an extra domain to the generated certificate"`
|
TLSExtraDomains []string `long:"tlsextradomain" description:"Adds an extra domain to the generated certificate"`
|
||||||
TLSAutoRefresh bool `long:"tlsautorefresh" description:"Re-generate TLS certificate and key if the IPs or domains are changed"`
|
TLSAutoRefresh bool `long:"tlsautorefresh" description:"Re-generate TLS certificate and key if the IPs or domains are changed"`
|
||||||
|
|
||||||
NoMacaroons bool `long:"no-macaroons" description:"Disable macaroon authentication"`
|
NoMacaroons bool `long:"no-macaroons" description:"Disable macaroon authentication, can only be used if server is not listening on a public interface."`
|
||||||
AdminMacPath string `long:"adminmacaroonpath" description:"Path to write the admin macaroon for lnd's RPC and REST services if it doesn't exist"`
|
AdminMacPath string `long:"adminmacaroonpath" description:"Path to write the admin macaroon for lnd's RPC and REST services if it doesn't exist"`
|
||||||
ReadMacPath string `long:"readonlymacaroonpath" description:"Path to write the read-only macaroon for lnd's RPC and REST services if it doesn't exist"`
|
ReadMacPath string `long:"readonlymacaroonpath" description:"Path to write the read-only macaroon for lnd's RPC and REST services if it doesn't exist"`
|
||||||
InvoiceMacPath string `long:"invoicemacaroonpath" description:"Path to the invoice-only macaroon for lnd's RPC and REST services if it doesn't exist"`
|
InvoiceMacPath string `long:"invoicemacaroonpath" description:"Path to the invoice-only macaroon for lnd's RPC and REST services if it doesn't exist"`
|
||||||
|
@ -81,7 +81,14 @@ methods. This means a few important things:
|
|||||||
You can also run `lnd` with the `--no-macaroons` option, which skips the
|
You can also run `lnd` with the `--no-macaroons` option, which skips the
|
||||||
creation of the macaroon files and all macaroon checks within the RPC server.
|
creation of the macaroon files and all macaroon checks within the RPC server.
|
||||||
This means you can still pass a macaroon to the RPC server with a client, but
|
This means you can still pass a macaroon to the RPC server with a client, but
|
||||||
it won't be checked for validity.
|
it won't be checked for validity. Note that disabling authentication of a server
|
||||||
|
that's listening on a public interface is not allowed. This means the
|
||||||
|
`--no-macaroons` option is only permitted when the RPC server is in a private
|
||||||
|
network. In CIDR notation, the following IPs are considered private,
|
||||||
|
- [`169.254.0.0/16` and `fe80::/10`](https://en.wikipedia.org/wiki/Link-local_address).
|
||||||
|
- [`224.0.0.0/4` and `ff00::/8`](https://en.wikipedia.org/wiki/Multicast_address).
|
||||||
|
- [`10.0.0.0/8`, `172.16.0.0/12` and `192.168.0.0/16`](https://tools.ietf.org/html/rfc1918).
|
||||||
|
- [`fc00::/7`](https://tools.ietf.org/html/rfc4193).
|
||||||
|
|
||||||
Since `lnd` requires macaroons by default in order to call RPC methods, `lncli`
|
Since `lnd` requires macaroons by default in order to call RPC methods, `lncli`
|
||||||
now reads a macaroon and provides it in the RPC call. Unless the path is
|
now reads a macaroon and provides it in the RPC call. Unless the path is
|
||||||
|
Loading…
Reference in New Issue
Block a user