2020-02-29 07:43:59 +07:00
|
|
|
---
|
|
|
|
layout: default
|
|
|
|
title: File
|
|
|
|
parent: Authentication backends
|
|
|
|
grand_parent: Configuration
|
|
|
|
nav_order: 1
|
|
|
|
---
|
|
|
|
|
|
|
|
# File
|
|
|
|
|
|
|
|
**Authelia** supports a file as a users database.
|
|
|
|
|
|
|
|
## Configuration
|
|
|
|
|
|
|
|
Configuring Authelia to use a file is done by specifying the path to the
|
|
|
|
file in the configuration file.
|
|
|
|
|
|
|
|
authentication_backend:
|
|
|
|
file:
|
|
|
|
path: /var/lib/authelia/users.yml
|
|
|
|
|
|
|
|
|
|
|
|
## Format
|
|
|
|
|
|
|
|
|
|
|
|
The format of the file is as follows.
|
|
|
|
|
|
|
|
users:
|
|
|
|
john:
|
|
|
|
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
|
|
|
|
email: john.doe@authelia.com
|
|
|
|
groups:
|
|
|
|
- admins
|
|
|
|
- dev
|
|
|
|
|
|
|
|
harry:
|
|
|
|
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
|
|
|
|
email: harry.potter@authelia.com
|
|
|
|
groups: []
|
|
|
|
|
|
|
|
bob:
|
|
|
|
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
|
|
|
|
email: bob.dylan@authelia.com
|
|
|
|
groups:
|
|
|
|
- dev
|
|
|
|
|
|
|
|
james:
|
|
|
|
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
|
|
|
|
email: james.dean@authelia.com
|
|
|
|
|
|
|
|
This file should be set with read/write permissions as it could be updated by users
|
|
|
|
resetting their passwords.
|
|
|
|
|
|
|
|
## Passwords
|
|
|
|
|
|
|
|
The file contains hash of passwords instead of plain text passwords for security reasons.
|
|
|
|
|
|
|
|
You can use authelia binary or docker image to generate the hash of any password.
|
|
|
|
|
|
|
|
For instance, with the docker image, just run
|
|
|
|
|
|
|
|
$ docker run authelia/authelia:latest authelia hash-password yourpassword
|
|
|
|
$6$rounds=50000$BpLnfgDsc2WD8F2q$be7OyobnQ8K09dyDiGjY.cULh4yDePMh6CUMpLwF4WHTJmLcPE2ijM2ZsqZL.hVAANojEfDu3sU9u9uD7AeBJ/
|
|
|
|
|
|
|
|
|
2020-02-29 12:15:03 +07:00
|
|
|
## Password Hash Function
|
2020-02-29 07:43:59 +07:00
|
|
|
|
|
|
|
The only supported hash function is salted sha512 determined by the prefix `$6$` as described
|
|
|
|
in this [wiki](https://en.wikipedia.org/wiki/Crypt_(C)) page.
|
|
|
|
|
|
|
|
Although not the best hash function, Salted SHA512 is a decent algorithm given the number of rounds is big
|
|
|
|
enough. It's not the best because the difficulty to crack the hash does not on the performance of the machine.
|
|
|
|
The best algorithm, [Argon2](https://en.wikipedia.org/wiki/Argon2) does though. It won the
|
|
|
|
[Password Hashing Competition](https://en.wikipedia.org/wiki/Password_Hashing_Competition) in 2015 and is now
|
|
|
|
considered the best hashing function. There is an open [issue](https://github.com/authelia/authelia/issues/577)
|
|
|
|
to add support for this hashing function.
|