3.4. Userlists



It is possible to control access to frontend/backend/listen sections or to http stats by allowing only authenticated and authorized users. To do this, it is required to create at least one userlist and to define users.

userlist <listname>
Creates new userlist with name <listname>. Many independent userlists can be used to store authentication & authorization data for independent customers.

group <groupname> [users <user>,<user>,(…)]
Adds group <groupname> to the current userlist. It is also possible to attach users to this group by using a comma separated list of names proceeded by “users” keyword.

user <sername> [password|insecure-password <password>]
[groups <group&gt,<group&gt,(…)]
Adds user <username> to the current userlist. Both secure (encrypted) and insecure (unencrypted) passwords can be used. Encrypted passwords are evaluated using the crypt(3) function so depending of the system’s capabilities, different algorithms are supported. For example modern Glibc based Linux system supports MD5, SHA-256, SHA-512 and of course classic, DES-based method of encrypting passwords.

Example:

        userlist L1
          group G1 users tiger,scott
          group G2 users xdb,scott

          user tiger password $6$k6y3o.eP$JlKBx9za9667qe4(...)xHSwRv6J.C0/D7cV91
          user scott insecure-password elgato
          user xdb insecure-password hello

        userlist L2
          group G1
          group G2

          user tiger password $6$k6y3o.eP$JlKBx(...)xHSwRv6J.C0/D7cV91 groups G1
          user scott insecure-password elgato groups G1,G2
          user xdb insecure-password hello groups G2

Please note that both lists are functionally identical.

Share Button

One thought on “3.4. Userlists

Leave a Reply