78 lines
2.6 KiB
Markdown
78 lines
2.6 KiB
Markdown
---
|
||
layout: default
|
||
title: File
|
||
parent: Authentication backends
|
||
grand_parent: Configuration
|
||
nav_order: 1
|
||
---
|
||
|
||
# File
|
||
|
||
**Authelia** supports a file as a users database.
|
||
|
||
## Configuration
|
||
|
||
Configuring Authelia to use a file is done by specifying the path to the
|
||
file in the configuration file.
|
||
|
||
authentication_backend:
|
||
file:
|
||
path: /var/lib/authelia/users.yml
|
||
|
||
|
||
## Format
|
||
|
||
|
||
The format of the file is as follows.
|
||
|
||
users:
|
||
john:
|
||
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
|
||
email: john.doe@authelia.com
|
||
groups:
|
||
- admins
|
||
- dev
|
||
|
||
harry:
|
||
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
|
||
email: harry.potter@authelia.com
|
||
groups: []
|
||
|
||
bob:
|
||
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
|
||
email: bob.dylan@authelia.com
|
||
groups:
|
||
- dev
|
||
|
||
james:
|
||
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
|
||
email: james.dean@authelia.com
|
||
|
||
This file should be set with read/write permissions as it could be updated by users
|
||
resetting their passwords.
|
||
|
||
## Passwords
|
||
|
||
The file contains hash of passwords instead of plain text passwords for security reasons.
|
||
|
||
You can use authelia binary or docker image to generate the hash of any password.
|
||
|
||
For instance, with the docker image, just run
|
||
|
||
$ docker run authelia/authelia:latest authelia hash-password yourpassword
|
||
$6$rounds=50000$BpLnfgDsc2WD8F2q$be7OyobnQ8K09dyDiGjY.cULh4yDePMh6CUMpLwF4WHTJmLcPE2ijM2ZsqZL.hVAANojEfDu3sU9u9uD7AeBJ/
|
||
|
||
|
||
## Password Hash Function
|
||
|
||
The only supported hash function is salted sha512 determined by the prefix `$6$` as described
|
||
in this [wiki](https://en.wikipedia.org/wiki/Crypt_(C)) page.
|
||
|
||
Although not the best hash function, Salted SHA512 is a decent algorithm given the number of rounds is big
|
||
enough. It's not the best because the difficulty to crack the hash does not on the performance of the machine.
|
||
The best algorithm, [Argon2](https://en.wikipedia.org/wiki/Argon2) does though. It won the
|
||
[Password Hashing Competition](https://en.wikipedia.org/wiki/Password_Hashing_Competition) in 2015 and is now
|
||
considered the best hashing function. There is an open [issue](https://github.com/authelia/authelia/issues/577)
|
||
to add support for this hashing function.
|
||
|