Local authorization
Authorizes a user request via the local user database of the host on which Bifröst is running.
Note
This authorization requires Bifröst to run with root permissions.
Properties
type
Authorization Type = "local"
Has to be set to local to enable the local authorization.
authorizedKeys
[]File Path<Authorized Keys> Core =
["{{.user.homeDir}}/.ssh/authorized_keys"]
Contains files with the format of classic authorized keys, in which Bifröst will look for SSH Public Keys.
password
See below.
pamService
string = "<os and edition specific>"
If set to a non-empty value, this PAM service will be directly used during the authorization process instead of /etc/passwd and /etc/shadow.
Default settings
linux/extended |
anything else |
|---|---|
sshd |
empty |
Password
The password can either be validated via /etc/passwd and /etc/shadow (default) or via PAM (if pamService is set to a valid value).
Properties
allowed
bool Context Password Authorization Request = true
If true, the user is allowed to use passwords via classic password authentication
interactiveAllowed
bool Context Interactive Authorization Request = true
If true, the user is allowed to use passwords via interactive authentication.
emptyAllowed
bool Context * Authorization Request = false
If true, the user is allowed to use empty passwords.
Danger
This is explicitly not recommend.
Context
This authorization will produce a context of type Authorization Local.
Examples
Compatibility
| Feature | linux |
windows |
|---|---|---|
| PAM | / | / |
| anything else | / | / |