authelia/docs/configuration/authentication/file.md

77 lines
2.6 KiB
Markdown

---
layout: default
title: File
parent: Authentication backends
grand_parent: Configuration
nav_order: 1
---
# File
**Authelia** supports a file as a users database.
## Configuration
Configuring Authelia to use a file is done by specifying the path to the
file in the configuration file.
authentication_backend:
file:
path: /var/lib/authelia/users.yml
## Format
The format of the file is as follows.
users:
john:
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: john.doe@authelia.com
groups:
- admins
- dev
harry:
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: harry.potter@authelia.com
groups: []
bob:
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: bob.dylan@authelia.com
groups:
- dev
james:
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: james.dean@authelia.com
This file should be set with read/write permissions as it could be updated by users
resetting their passwords.
## Passwords
The file contains hash of passwords instead of plain text passwords for security reasons.
You can use authelia binary or docker image to generate the hash of any password.
For instance, with the docker image, just run
$ docker run authelia/authelia:latest authelia hash-password yourpassword
$6$rounds=50000$BpLnfgDsc2WD8F2q$be7OyobnQ8K09dyDiGjY.cULh4yDePMh6CUMpLwF4WHTJmLcPE2ijM2ZsqZL.hVAANojEfDu3sU9u9uD7AeBJ/
## Password Hash Function
The only supported hash function is salted sha512 determined by the prefix `$6$` as described
in this [wiki](https://en.wikipedia.org/wiki/Crypt_(C)) page.
Although not the best hash function, Salted SHA512 is a decent algorithm given the number of rounds is big
enough. It's not the best because the difficulty to crack the hash does not on the performance of the machine.
The best algorithm, [Argon2](https://en.wikipedia.org/wiki/Argon2) does though. It won the
[Password Hashing Competition](https://en.wikipedia.org/wiki/Password_Hashing_Competition) in 2015 and is now
considered the best hashing function. There is an open [issue](https://github.com/authelia/authelia/issues/577)
to add support for this hashing function.