* using authelia hash-password if you provide a salt it doesn't encode it as a base64 string * this causes invalid salts to be stored if a user manually provided one instead of reliance on the automatic generation * additionally bumped the minimum required salt length to 8 as per reference spec * additionally removed the maximum salt length as per reference spec (actually 2^32-1 per int32) * see docs: * https://tools.ietf.org/html/draft-irtf-cfrg-argon2-10 * https://github.com/P-H-C/phc-winner-argon2 * https://github.com/P-H-C/phc-string-format * encode all salts * fix edge case of false positive in CheckPassword * bump crypt version and fix tests
2.4 KiB
layout | title | nav_order | has_children |
---|---|---|---|
default | Configuration | 4 | true |
Configuration
Authelia uses a YAML file as configuration file. A template with all possible options can be found here, at the root of the repository.
When running Authelia, you can specify your configuration by passing the file path as shown below.
$ authelia --config config.custom.yml
Validation
Authelia validates the configuration when it starts. This process checks multiple factors including configuration keys that don't exist, configuration keys that have changed, the values of the keys are valid, and that a configuration key isn't supplied at the same time as a secret for the same configuration option.
You may also optionally validate your configuration against this validation process manually by using the validate-config option with the Authelia binary as shown below. Keep in mind if you're using secrets you will have to manually provide these if you don't want to get certain validation errors (specifically requesting you provide one of the secret values). You can choose to ignore them if you know what you're doing. This command is useful prior to upgrading to prevent configuration changes from impacting downtime in an upgrade. This process does not validate integrations, it only checks that your configuration syntax is valid.
$ authelia validate-config configuration.yml
Duration Notation Format
We have implemented a string based notation for configuration options that take a duration. This section describes its usage. You can use this implementation in: session for expiration, inactivity, and remember_me_duration; and regulation for ban_time, and find_time. This notation also supports just providing the number of seconds instead.
The notation is comprised of a number which must be positive and not have leading zeros, followed by a letter denoting the unit of time measurement. The table below describes the units of time and the associated letter.
Unit | Associated Letter |
---|---|
Years | y |
Months | M |
Weeks | w |
Days | d |
Hours | h |
Minutes | m |
Seconds | s |
Examples:
- 1 hour and 30 minutes: 90m
- 1 day: 1d
- 10 hours: 10h