Authelia User Database Backend

The Authelia User Database is an authentication backend used to verify user passwords and to retrieve information such as a user's email address and group memberships. This database works in harmony with Authelia’s Access Control List (ACL) to control site access. ACL setup is discussed here.

The Authelia User Database contains entries specific to each client: username, password, group memberships, and email. The Authelia site administrator is responsible for creating user profiles with this information. There is no user “signup” portal. The user may change their password at any time after creation.

The database requires a working SMTP in order to function properly. Email is sent from Authelia’s host server to the client during password changes and two-factor registration. Please see SMTP Mail Relay Setup for instructions on how to set up an email SMTP server that will forward email through Gmail if necessary.

The Authelia User Database is formatted as LDAP or as a simple file. To simplify setup of the Authelia server, this guide will use the “file” method. It would be possible to use an existing LDAP server or create a new Docker instance of an LDAP server if required.

Authelia User Database Setup

Please see the complete schematic of the directory tree for the layout of paths that will be created on the host server. This section will create the /etc/authelia/config/users.yml file.

– ROOT WARNING: Please perform commands listed below as the root user (su/sudo)

Please create the following directory path:

/etc/authelia/config
$ mkdir -p /etc/authelia/config

An example users.yml file is shown below. You will need to create this file and populate it with data relevant to your particular setup. Group names can be arbitrary. Ensure the email address is valid. Password creation is discussed below.

Sample /etc/authelia/config/users.yml - MODIFY FOR YOUR SETUP
###############################################################
#                         Users Database                      #
###############################################################
# This file can be used if you do not have an LDAP set up. All users' passwords are 'password'.
users:
  john:
    password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
    email: john.doe@authelia.com
    groups:
      - admins
      - dev
  harry:
    password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
    email: harry.potter@authelia.com
    groups: []
  bob:
    password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
    email: bob.dylan@authelia.com
    groups:
      - dev
  james:
    password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
    email: james.dean@authelia.com

Hashed passwords can be generated with the following command (be sure to replace <yourpassword> with your actual password):

Password creation
sudo docker run authelia/authelia:latest authelia hash-password <yourpassword>

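Be sure to take the generated hashed password and place it within the users.yml file. A password should be generated for each user within the users.yml file. Users may change this password later if desired. Because the password is passed as a command-line argument, it may be saved in the shell history of the account that runs the command.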
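A pre-deployment check for the users.yml layout shown above, as an added example that is not part of the original guide or of Authelia itself: it flags entries whose password is not a SHA-512 crypt hash, whose email is missing, or whose hash string is identical to another user's (as in the sample file, where every user carries the same hash). The function names, the fake_hash helper and the sample data are assumptions constructed for illustration.

```python
import re

# Shape of the hashes in the sample file: SHA-512 crypt, "$6$rounds=N$salt$digest".
SHA512_CRYPT = re.compile(r"^\$6\$(?:rounds=\d+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}$")

def parse_users(text):
    """Read the two-level users.yml layout shown above (not a general YAML parser)."""
    users, current = {}, None
    for line in text.splitlines():
        if m := re.match(r"^  ([\w.-]+):\s*$", line):
            current = users.setdefault(m.group(1), {})
        elif (m := re.match(r"^    (password|email):\s*(\S+)\s*$", line)) and current is not None:
            current[m.group(1)] = m.group(2).strip("\"'")
    return users

def audit(text):
    """Return sorted (user, problem) pairs for entries to fix before deployment."""
    by_hash, findings = {}, []
    for name, entry in parse_users(text).items():
        pw = entry.get("password", "")
        if SHA512_CRYPT.match(pw):
            by_hash.setdefault(pw, []).append(name)
        else:
            findings.append((name, "password is missing or is not a SHA-512 crypt hash"))
        # Password-change and two-factor registration mail goes to this address.
        if not re.match(r"^[^@\s]+@[^@\s]+\.[^@\s]+$", entry.get("email", "")):
            findings.append((name, "email is missing or malformed"))
    for names in by_hash.values():
        if len(names) > 1:  # a fresh hash gets a fresh salt, so equal strings mean copy-paste
            findings += [(n, "hash shared with " + ", ".join(o for o in names if o != n)) for n in names]
    return sorted(findings)

def fake_hash(c):  # constructed filler value, not a real password hash
    return '"$6$rounds=500000$' + c * 16 + "$" + c * 86 + '"'

SAMPLE = f"""users:
  john:
    password: {fake_hash('a')}
    email: john@example.com
    groups:
      - admins
  harry:
    password: {fake_hash('a')}
    email: harry@example.com
  bob:
    password: {fake_hash('b')}
  james:
    password: "password"
    email: james@example.com
"""
```

Calling audit(SAMPLE) reports john and harry for sharing one hash, bob for the missing email, and james for a plaintext password. A value with a trailing inline comment is not parsed and is reported as missing.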


Copyright © 2020 KevDog