techies/authelia
1
0
Fork 0
mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
Code Issues Projects Releases Wiki Activity

[MISC] Update Golang and QEMU to v1.14.0 and v4.2.0-6 respectively (#685)

Browse Source 
* [MISC] Update Golang and QEMU to v1.14.0 and v4.2.0-6 respectively

* Argon2id memory in MB for Config Template

* Doc Fix

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
This commit is contained in:
Amir Zarrinkafsh 2020-03-06 19:40:56 +11:00 committed by GitHub
parent 26369fff3d
commit cc25b565c7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 32 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@ -1,7 +1,7 @@
# ======================================= # =======================================
# ===== Build image for the backend ===== # ===== Build image for the backend =====
# ======================================= # =======================================
FROM golang:1.13.6-alpine AS builder-backend FROM golang:1.14.0-alpine AS builder-backend
ARG BUILD_TAG ARG BUILD_TAG
ARG BUILD_COMMIT ARG BUILD_COMMIT

2
Dockerfile.arm32v7
View File

@ -1,7 +1,7 @@
# ======================================= # =======================================
# ===== Build image for the backend ===== # ===== Build image for the backend =====
# ======================================= # =======================================
FROM golang:1.13-alpine AS builder-backend FROM golang:1.14.0-alpine AS builder-backend
ARG BUILD_TAG ARG BUILD_TAG
ARG BUILD_COMMIT ARG BUILD_COMMIT

2
Dockerfile.arm64v8
View File

@ -1,7 +1,7 @@
# ======================================= # =======================================
# ===== Build image for the backend ===== # ===== Build image for the backend =====
# ======================================= # =======================================
FROM golang:1.13-alpine AS builder-backend FROM golang:1.14.0-alpine AS builder-backend
ARG BUILD_TAG ARG BUILD_TAG
ARG BUILD_COMMIT ARG BUILD_COMMIT

2
cmd/authelia-scripts/cmd_docker.go
View File

@ -44,7 +44,7 @@ func dockerBuildOfficialImage(arch string) error {
// Set default Architecture Dockerfile to amd64 // Set default Architecture Dockerfile to amd64
dockerfile := "Dockerfile" dockerfile := "Dockerfile"
// Set version of QEMU // Set version of QEMU
qemuversion := "v4.2.0-4" qemuversion := "v4.2.0-6"
// If not the default value // If not the default value
if arch != defaultArch { if arch != defaultArch {

2
config.template.yml
View File

@ -110,7 +110,7 @@ authentication_backend:
## iterations: 1 ## iterations: 1
## key_length: 32 ## key_length: 32
## salt_length: 16 ## salt_length: 16
## memory: 1048576 ## memory: 1024
## parallelism: 8 ## parallelism: 8
# Access Control # Access Control
# #

52
docs/configuration/authentication/file.md
View File

@ -28,45 +28,44 @@ file in the configuration file.
### Password hashing configuration settings ### Password hashing configuration settings
#### algorithm #### algorithm
- Value Type: String - Value Type: String
- Possible Value: `argon2id` and `sha512` - Possible Value: `argon2id` and `sha512`
- Recommended: `argon2id` - Recommended: `argon2id`
- What it Does: Changes the hashing algorithm - What it Does: Changes the hashing algorithm
#### iterations #### iterations
- Value Type: Int - Value Type: Int
- Possible Value: `1` or higher for argon2id and `1000` or higher for sha512 - Possible Value: `1` or higher for argon2id and `1000` or higher for sha512
(will automatically be set to `1000` on lower settings) (will automatically be set to `1000` on lower settings)
- Recommended: `1` for the `argon2id` algorithm and `50000` for `sha512` - Recommended: `1` for the `argon2id` algorithm and `50000` for `sha512`
- What it Does: Adjusts the number of times we run the password through the hashing algorithm - What it Does: Adjusts the number of times we run the password through the hashing algorithm
#### key_length #### key_length
- Value Type: Int - Value Type: Int
- Possible Value: `16` or higher. - Possible Value: `16` or higher.
- Recommended: `32` or higher. - Recommended: `32` or higher.
- What it Does: Adjusts the length of the actual hash - What it Does: Adjusts the length of the actual hash
#### salt_length #### salt_length
- Value Type: Int - Value Type: Int
- Possible Value: between `2` and `16` - Possible Value: between `2` and `16`
- Recommended: `16` - Recommended: `16`
- What it Does: Adjusts the length of the random salt we add to the password, there - What it Does: Adjusts the length of the random salt we add to the password, there
is no reason not to set this to 16 is no reason not to set this to 16
#### parallelism #### parallelism
- Value Type: Int - Value Type: Int
- Possible Value: `1` or higher - Possible Value: `1` or higher
- Recommended: `8` or twice your CPU cores - Recommended: `8` or twice your CPU cores
- What it Does: Sets the number of threads used for hashing - What it Does: Sets the number of threads used for hashing
#### memory #### memory
- Value Type: Int - Value Type: Int
- Possible Value: at least `8` times the value of `parallelism` - Possible Value: at least `8` times the value of `parallelism`
- Recommended: `1024` (1GB) or as much RAM as you can afford to give to hashing - Recommended: `1024` (1GB) or as much RAM as you can afford to give to hashing
- What it Does: Sets the amount of RAM used in MB for hashing - What it Does: Sets the amount of RAM used in MB for hashing
#### Examples for specific systems #### Examples for specific systems
These examples have been tested against a single system to make sure they roughly take These examples have been tested against a single system to make sure they roughly take
@ -113,6 +112,7 @@ The format of the users file is as follows.
This file should be set with read/write permissions as it could be updated by users This file should be set with read/write permissions as it could be updated by users
resetting their passwords. resetting their passwords.
## Passwords ## Passwords
The file contains hashed passwords instead of plain text passwords for security reasons. The file contains hashed passwords instead of plain text passwords for security reasons.
@ -162,24 +162,24 @@ brute-forced.
Hashes are identifiable as argon2id or SHA512 by their prefix of either `$argon2id$` and `$6$` Hashes are identifiable as argon2id or SHA512 by their prefix of either `$argon2id$` and `$6$`
respectively, as described in this [wiki page](https://en.wikipedia.org/wiki/Crypt_(C)). respectively, as described in this [wiki page](https://en.wikipedia.org/wiki/Crypt_(C)).
### Password hash algorithm tuning
### Password hash algorithm tuning All algorithm tuning is supported for Argon2id. The only configuration variables that affect
SHA512 are iterations and salt length. The configuration variables are unique to the file
authentication provider, thus they all exist in a key under the file authentication configuration
key called `password_hashing`. We have set what are considered as sane and recommended defaults
to cater for a reasonable system, if you're unsure about which settings to tune, please see the
parameters above, or for a more in depth understanding see the referenced documentation.
All algorithm tuning is supported for Argon2id. The only configuration variables that affect #### Argon2 Links
SHA512 are iterations and salt length. The configuration variables are unique to the file [How to choose the right parameters for Argon2]
authentication provider, thus they all exist in a key under the file authentication configuration
key called `password_hashing`. We have set what are considered as sane and recommended defaults
to cater for a reasonable system, if you're unsure about which settings to tune, please see the
parameters above, or for a more in depth understanding see the referenced documentation.
#### Argon2 Links [How to choose the right parameters for Argon2](https://www.twelve21.io/how-to-choose-the-right-parameters-for-argon2/)
[How to choose the right parameters for Argon2]
[How to choose the right parameters for Argon2](https://www.twelve21.io/how-to-choose-the-right-parameters-for-argon2/) [Go Documentation](https://godoc.org/golang.org/x/crypto/argon2)
[Go Documentation](https://godoc.org/golang.org/x/crypto/argon2) [IETF Draft](https://tools.ietf.org/id/draft-irtf-cfrg-argon2-09.html)
[IETF Draft](https://tools.ietf.org/id/draft-irtf-cfrg-argon2-09.html)
[How to choose the right parameters for Argon2]: https://www.twelve21.io/how-to-choose-the-right-parameters-for-argon2/ [How to choose the right parameters for Argon2]: https://www.twelve21.io/how-to-choose-the-right-parameters-for-argon2/

2
internal/suites/example/compose/authelia/Dockerfile.backend
View File

@ -1,4 +1,4 @@
FROM golang:1.13-alpine FROM golang:1.14.0-alpine
ARG USER_ID ARG USER_ID
ARG GROUP_ID ARG GROUP_ID