Config/File

This is the default backend. It contains all configuration information, as well as users and groups.
This bare bones type of configuration allows you to get started with GLAuth very quickly and depending on your needs, you may not need to switch to a different backend.

Note that, since you can chain backends, you could use this backend to specify two-factors secrets before relaying a query to, for instance, a LDAP backend where the same users already exist, only without this added level of security.

TODO: Diagram

beta
Starting with version 2.1.0, it is possible to split this backend type in multiple, specialized files.
Store these files in a directory and point GLauth to that directory using -c directory

Required Fields

NameDescription
NameThe user’s username
ouID of the user’s primary group
uidnumberThe user’s unix user id
sshPublicKeySpecify an array of public keys

Optional Fields

NameDescriptionExampleDefault
otherGroupsArray of IDs of groups the user is a member of.[5501, 5002]blank
givennameFirst nameJohnblank
snLast nameDoeblank
disabledSet to ‘true’ (without quotes) to make the LDAP entry add ‘AccountStatus = inactive’false (active)
mailSpecify an emailjdoe@example.comblank
loginshellSpecify a different login shell for the user/bin/sh, or /sbin/nologin/bin/bash
homedirectorySpecify an overridden home directory for the user/home/itadmin/home/[username]
otpsecretSpecify OTP secret used to validate OTP passcode3hnvnk4ycv44glzigd6s25j4dougs3rkblank
passappbcryptSpecify an array of app passwords which can also succesfully bind - these bypass the OTP check. Hash the same way as password.[“c32256…”,“4939ef…”]blank
passappsha256Specify an array of app passwords which can also succesfully bind - these bypass the OTP check. Hash the same way as password.[“c32256…”,“4939ef…”]blank
yubikeySpecify Yubikey ID for maching Yubikey OTP against the usercccjgjgkhcbbblank
Copyright 2021