Local authorization
Authorizes a user request via the local user database of the host on which Bifröst is running.
Note
This authorization requires Bifröst to run with root permissions.
Properties
type
Authorization Type = "local"
Has to be set to local to enable the local authorization.
authorizedKeys
Array<Authorized Keys> =
["{{.user.homeDir}}/.ssh/authorized_keys"]
Contains files with the format of classic authorized keys, in which Bifröst will look for SSH Public Keys.
password
Contains files of with format of classic authorized keys, in which Bifröst will look for SSH Public Keys.
pamService
string = "<os and edition specific>"
If set to a non-empty value, this PAM service will be directly used during the authorization process instead of /etc/passwd and /etc/shadow.
Default settings
linux/extended |
anything else |
|---|---|
sshd |
empty |
Password
The password can either be validated via /etc/passwd and /etc/shadow (default) or via PAM (if pamService is set to a valid value).
Properties
allowed
If true, the user is allowed to use passwords via classic password authentication
interactiveAllowed
If true, the user is allowed to use passwords via interactive authentication.
emptyAllowed
If true, the user is allowed to use empty passwords.
Warning
This is explicitly not recommend.
Context
This authorization will produce a context of type Authorization Local.
Examples
Compatibility
| Feature | linux |
windows |
|---|---|---|
| PAM | / | / |
| anything else | / | / |