From b2f2f162ad768a1e66d5921146f24bfd0698b302 Mon Sep 17 00:00:00 2001 From: Liron Levin Date: Wed, 30 Mar 2016 21:14:33 +0300 Subject: [PATCH] Add short description about default authentication method in authorization docs Following the discussion in #21556, adding a short description of the default user authentication mechanism (without requiring authentication plugins) Signed-off-by: Liron Levin --- docs/extend/plugins_authorization.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/extend/plugins_authorization.md b/docs/extend/plugins_authorization.md index 7db31b85c42a2..6ebed3542f436 100644 --- a/docs/extend/plugins_authorization.md +++ b/docs/extend/plugins_authorization.md @@ -49,6 +49,11 @@ Each plugin must reside within directories described under the **Note**: the abbreviations `AuthZ` and `AuthN` mean authorization and authentication respectively. +## Default user authorization mechanism + +If TLS is enabled in the [Docker daemon](https://docs.docker.com/engine/security/https/), the default user authorization flow extracts the user details from the certificate subject name. +That is, the `User` field is set to the client certificate subject common name, and the `AuthenticationMethod` field is set to `TLS`. + ## Basic architecture You are responsible for registering your plugin as part of the Docker daemon
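Review bot: The added heading "## Default user authorization mechanism" and the phrase "default user authorization flow" say authorization, while the subject line and commit message say authentication. What the paragraph describes (setting `User` and `AuthenticationMethod` from the client certificate) is authentication. Since the note just above the insertion distinguishes `AuthZ` from `AuthN`, suggest "## Default user authentication mechanism" and "the default user authentication flow" so the section does not blur the two. The paragraph also does not say what `User` and `AuthenticationMethod` contain when TLS is not enabled, or when TLS is enabled but the client presents no certificate. One sentence covering those cases would tell plugin authors whether they can rely on the fields being set before making an allow/deny decision on them.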