Local authorization
Authorizes a requesting user via the local user database of the host on which Bifröst is running.
Note
This authorization requires Bifröst to run with root permissions.
Properties
type
Authorization Type = "local"
Has to be set to local to enable the local authorization.
authorizedKeys
Array<Authorized Keys> = ["{{.user.homeDir}}/.ssh/authorized_keys"]
Files in the classic authorized keys format in which Bifröst will look for SSH public keys.
password
Password settings of this authorization; see Password below.
pamService
string = "<os and edition specific>"
If set to a non-empty value, this PAM service will be used during the authorization process instead of /etc/passwd and /etc/shadow directly.
Default settings
| linux/extended | anything else |
|---|---|
| sshd | empty |
Password
The password can either be validated via /etc/passwd and /etc/shadow (default) or via PAM (if pamService is set to a valid value).
Support of yescrypt
yescrypt is a cryptographic key derivation function used for password hashing in some modern Linux distributions (such as Ubuntu). To support it, and so allow Bifröst to evaluate these passwords, the linux/extended edition of Bifröst is required.
Properties
allowed
If true, the user is allowed to use passwords via classic password authentication.
interactiveAllowed
If true, the user is allowed to use passwords via interactive authentication.
emptyAllowed
If true, the user is allowed to use an empty password.
Warning
This is explicitly not recommended.
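The following check is an added example, not part of Bifröst or its documentation. It reads text in /etc/shadow layout and reports which accounts carry yescrypt hashes (the case Support of yescrypt above ties to the linux/extended edition) and which have an empty password field (the case emptyAllowed governs). The function names and the sample entries are constructed for illustration.

```python
# crypt(3) hash prefixes. Per this page, yescrypt needs the linux/extended edition.
SCHEMES = {
    "$y$": "yescrypt", "$gy$": "gost-yescrypt", "$7$": "scrypt",
    "$6$": "sha512crypt", "$5$": "sha256crypt", "$1$": "md5crypt",
    "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
}


def classify(field):
    """Name the scheme of a shadow password field (second ':'-separated column)."""
    if field == "":
        return "empty"    # no password set; the case emptyAllowed governs
    if field[0] in "!*":
        return "locked"   # password login disabled for the account
    for prefix, name in SCHEMES.items():
        if field.startswith(prefix):
            return name
    return "unknown"


def audit(shadow_text):
    """Map user name -> scheme for each well-formed line of shadow-format text."""
    report = {}
    for line in shadow_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 2 or not parts[0] or parts[0].startswith("#"):
            continue      # blank, comment or malformed line: skip, do not guess
        report[parts[0]] = classify(parts[1])
    return report


def users_with(report, scheme):
    """Sorted user names whose password field has the given scheme."""
    return sorted(user for user, s in report.items() if s == scheme)


# Constructed sample in /etc/shadow layout; salts and hashes are placeholders.
SAMPLE = """\
root:!:19700:0:99999:7:::
alice:$y$j9T$PLACEHOLDERSALT$PLACEHOLDERHASH:19700:0:99999:7:::
bob:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:19700:0:99999:7:::
guest::19700:0:99999:7:::
"""

if __name__ == "__main__":
    report = audit(SAMPLE)
    print("need linux/extended (yescrypt):", users_with(report, "yescrypt"))
    print("empty password field:", users_with(report, "empty"))
```

To audit a real host, pass the contents of /etc/shadow (readable by root only) to audit() in place of SAMPLE.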
Context
This authorization will produce a context of type Authorization Local.
Examples
Compatibility
| Feature | linux/generic | linux/extended | windows/generic |
|---|---|---|---|
| PAM | * |
||
| yescrypt | * |
||
| anything else | * |
* |