Local authorization
Authorizes a requesting user via the local user database of the host on which Bifröst is running.
Note
This authorization requires Bifröst to run with root permissions.
Properties
type
Authorization Type = "local"
Has to be set to local to enable the local authorization.
authorizedKeys
Array<Authorized Keys> = ["{{.user.homeDir}}/.ssh/authorized_keys"]
Contains files in the classic authorized keys format in which Bifröst will look for SSH public keys.
password
Contains files in the classic authorized keys format in which Bifröst will look for SSH public keys.
pamService
string = "<os and edition specific>"
If set to a non-empty value, this PAM service will be used during the authorization process instead of /etc/passwd and /etc/shadow directly.
Default settings
linux/extended | anything else |
---|---|
sshd | empty |
Password
The password can either be validated via /etc/passwd and /etc/shadow (default) or via PAM (if pamService is set to a valid value).
Support of yescrypt
yescrypt is a cryptographic key derivation function used for password hashing in some modern Linux distributions (such as Ubuntu). To support it and give Bifröst the ability to evaluate such passwords, the linux/extended edition of Bifröst is required.
Properties
allowed
If true, the user is allowed to use passwords via classic password authentication.
interactiveAllowed
If true, the user is allowed to use passwords via interactive authentication.
emptyAllowed
If true, the user is allowed to use an empty password.
Warning
This is explicitly not recommended.
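The following pre-deployment check is an added example, not part of Bifröst or its documentation: it reads shadow(5)-formatted text and lists the accounts whose password hash is yescrypt (so they need the linux/extended edition) and the accounts with an empty password (only usable if emptyAllowed is true). The function names `classify` and `audit` and the sample lines are assumptions constructed for illustration.

```python
"""Pre-deployment check: which local accounts have yescrypt or empty passwords."""

# crypt(5) hash prefixes; the id sits between the first two '$' characters.
SCHEMES = {"y": "yescrypt", "6": "sha512crypt", "5": "sha256crypt",
           "1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt"}

# Constructed sample in shadow(5) format; salts and hashes are placeholders.
SAMPLE_SHADOW = """\
root:!:19800:0:99999:7:::
alice:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19800:0:99999:7:::
bob:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19800:0:99999:7:::
carol::19800:0:99999:7:::
daemon:*:19800:0:99999:7:::
"""


def classify(pw_field):
    """Map the second field of a shadow(5) line to a scheme name."""
    if pw_field == "":
        return "empty"
    if pw_field[0] in "!*":
        return "locked"          # password login disabled for this account
    if pw_field.startswith("$") and pw_field.count("$") >= 2:
        return SCHEMES.get(pw_field.split("$")[1], "unknown")
    return "legacy"              # e.g. traditional DES crypt without a prefix


def audit(shadow_text):
    """Return users needing the linux/extended edition and users with empty passwords."""
    report = {"needs_extended": [], "empty_password": []}
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue             # malformed line, skip
        user, scheme = fields[0], classify(fields[1])
        if scheme == "yescrypt":
            report["needs_extended"].append(user)
        elif scheme == "empty":
            report["empty_password"].append(user)
    return report


if __name__ == "__main__":
    # On a real host, pass the contents of /etc/shadow (root required) instead.
    for key, users in audit(SAMPLE_SHADOW).items():
        print(f"{key}: {', '.join(users) or '-'}")
```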
Context
This authorization will produce a context of type Authorization Local.
Examples
Compatibility
Feature | linux/generic | linux/extended | windows/generic |
---|---|---|---|
PAM | * |
||
yescrypt | * |
||
anything else | * |
* |