.Dd November 24, 2024
.Dt AUTHD 1
.Os Linux "(Ubuntu and Alpine)"
.Sh Name
.Nm authd
.Nd authentication daemon
.Sh Description
The
.Nm
daemon is a micro-service providing authentication and authorization services.
.Sh Synopsis
.Nm
.Op Fl snREh
.Op Fl k Ar key-file
.Op Fl v Ar verbosity
.Op Fl -configuration Ar file
.Op Fl -project Ar project-name
.Op Fl -storage-directory Ar path
.Op Fl -service-name Ar name
.Op Fl -recreate-indexes
.Op Fl t Ar account-activation-template
.Op Fl r Ar account-recovery-template
.Op Fl m Ar mailer
.Op Fl x Ar read-only-key
.Sh Configuration
In practice, most of the configuration comes from a configuration file rather than from command line parameters.
.Pp
By default, configuration is read from
.Pa $XDG_CONFIG_HOME/baguette/auth.yml
or
.Pa /etc/baguette/auth.yml .
.Pp
The configuration file is in YAML; see the following example:
.Bd -literal -offset indent
mailer_exe: /home/john/mailer
secret_key_file: /var/authd/secret-password
recreate_indexes: true
.Ed
.Pp
In this example, the path to a custom
.Xr mailer 1
application is configured.
.br
The
.Dq "master password"
used by
.Nm
to encrypt users' passwords is read from the file
.Pa /var/authd/secret-password .
.br
Finally, indexes are recreated, which relates to the
.Xr DoDB
document database; see its documentation to learn more.
.Sh Configuration file variables
The following presents the complete list of configuration file variables, each with its type and default value.
.Pp
Generic
.Xr libipc 7
related variables:
.Bl -tag -width " print functions" -compact
.It Li ipc_timer
Int32, 30_000
.br
The IPC timer wakes the process every 30 seconds by default.
There is not much point in changing this value, since nothing is executed periodically anyway, at least for now.
.It Li verbosity
Int32, 4
.br
[0-4],
.Dq 0
being quiet and
.Dq 4
meaning that debug values are printed.
.It Li ipc_messages_to_show
Array of
.Vt Baguette::Configuration::IPC::MESSAGE ,
[ERROR, EXCEPTION]
.br
Types of IPC messages to print (for example, all connections).
This is mainly for debugging, since these messages are very low-level;
high-level messages are more relevant to log.
By default, errors and exceptions are logged.
.br
See
.Xr Baguette-crystal-base ,
which includes the
.Vt Baguette::Configuration::IPC::MESSAGE
definition.
This type has an alias in
.Nm :
.Vt IPCMESSAGE .
.It Li service_name
String,
.Dq auth
.br
.Xr libipc 7
unix socket name.
.El
.Pp
Specific
.Nm
variables:
.Bl -tag -width " print_password_recovery" -compact
.It Li log_file
String?,
.Em none
.br
Path to the log file.
.It Li messages_to_mask
Array of
.Vt AuthD::MESSAGE ,
.Em [ KEEPALIVE ]
.br
List of high-level
.Nm
messages to mask in the logs.
.br
The type
.Vt AuthD::MESSAGE
has an alias:
.Vt AUTHMESSAGE .
.It Li recreate_indexes
Bool, false
.br
Recreate database indexes (symbolic links).
.It Li storage_directory
String,
.Pa ./db-authd
.br
Directory in which to store users.
.It Li registrations
Bool, false
.br
Allow user registration.
.It Li require_email
Bool, false
.br
Require an email from users at registration.
.It Li activation_template
String,
.Dq email-activation
.br
Email activation template.
.It Li recovery_template
String,
.Dq email-recovery
.br
Email recovery template.
.It Li mailer_exe
String,
.Pa /usr/local/bin/mailer
.br
Application used to send registration emails.
.It Li read_only_profile_keys
Array of String, []
.br
User profile keys marked as being read-only.
.It Li print_password_recovery_parameters
Bool, false
.El
.Sh Options
.Bl -tag -width "-t activation-template-name,"
.It Li -s , --simulation
Print the configuration, then quit.
.It Li -n , --no-configuration
Do not read any configuration file.
.It Li -v No level , Li --verbosity No level
Verbosity level, from 0 to 4.
Default: 4.
.It Li --configuration No file
Alternative configuration file.
.It Li --project No project-name
Project name, used for slotting to enable several instances of
.Nm
to run at the same time.
The configuration is then searched for in
.Pa $XDG_CONFIG_HOME/baguette/<project-name>/auth.yml
then in
.Pa /etc/baguette/<project-name>/auth.yml .
.It Li -h , --help
Show a short help message, which does not cover as much as this manual.
.It Li --service-name No name
IPC service name, i.e. the
.Xr libipc 7
unix socket name.
.It Li --recreate-indexes
Recreate database indexes (symbolic links).
.It Li --storage-directory No path
Directory in which to store users.
.It Li -k No file , Li --key-file No file
JWT key file.
.It Li -R , --allow-registrations
Allow user registration.
.It Li -E , --require-email
Require an email from users at registration.
.It Li -t No activation-template-name , Li --activation-template No name
Email activation template.
.It Li -r No recovery-template-name , Li --recovery-template No name
Email recovery template.
.It Li -m No mailer-exe , Li --mailer No mailer-exe
Application used to send registration emails.
.It Li -x No key , Li --read-only-profile-key No key
Mark a user profile key as being read-only.
.El
.Sh Detailed description
The code is based on the
.Xr libipc 7
library and (trivial) JSON requests, enabling a simple API.
.Sh Required tooling for user registration
Two applications are required for
.Nm
to send emails upon user registration: an SMTP server and a
.Xr mailer 1 ,
an application that is called upon user registration.
.Pp
The
.Xr mailer 1
application takes three parameters:
.Dq send ,
a template name and the target email address.
This application also reads two environment variables:
.Ev LOGIN
and
.Ev TOKEN .
See
.Pa src/process.cr .
.br
Example:
.Bd -literal -offset indent
$ LOGIN=john TOKEN=a-b-c-d mailer send registration-template 'john@example.com'
.Ed
.Pp
An example of such a mailer can be found here:
.br
.Lk https://git.baguette.netlib.re/Baguette/mailer mailer
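As an added example (not the Baguette mailer's own code), the following POSIX shell script is a minimal stand-in for the mailer interface described above: it accepts the send action, a template name and a target address, reads LOGIN and TOKEN from the environment, and returns a non-zero status on any contract violation so that the calling daemon can notice a failed delivery. The template directory, the {{LOGIN}}/{{TOKEN}} placeholder syntax and the constructed email-activation template are assumptions of this example.

```shell
#!/bin/sh
# Stand-in for the mailer(1) interface authd expects (added example):
#   LOGIN=<user> TOKEN=<token> mailer send <template-name> <address>
# It renders a template and prints the message instead of handing it
# to an SMTP server.

# Constructed template directory holding one template, "email-activation".
# The placeholder syntax {{LOGIN}} / {{TOKEN}} is an assumption.
MAILER_TEMPLATE_DIR="${MAILER_TEMPLATE_DIR:-$(mktemp -d)}"
cat > "$MAILER_TEMPLATE_DIR/email-activation" <<'EOF'
Subject: Activate your account

Hello {{LOGIN}}, your activation token is {{TOKEN}}.
EOF

# Render a template to stdout; exit status 2 on any contract violation.
mailer_send() {
    action=$1; template=$2; address=$3
    [ "$action" = "send" ] || { echo "mailer: unknown action '$action'" >&2; return 2; }
    # Template names are plain identifiers: no path separators, no traversal.
    case "$template" in
        ""|*/*|*..*) echo "mailer: bad template name" >&2; return 2 ;;
    esac
    [ -f "$MAILER_TEMPLATE_DIR/$template" ] || { echo "mailer: no such template" >&2; return 2; }
    # Cheap shape check only; authd itself does not accept every valid address.
    case "$address" in
        *@*.*) ;;
        *) echo "mailer: bad address" >&2; return 2 ;;
    esac
    [ -n "$LOGIN" ] && [ -n "$TOKEN" ] || { echo "mailer: LOGIN and TOKEN must be set" >&2; return 2; }
    printf 'To: %s\n' "$address"
    # Escape sed metacharacters in the values before substituting placeholders.
    login_esc=$(printf '%s' "$LOGIN" | sed 's/[&/\]/\\&/g')
    token_esc=$(printf '%s' "$TOKEN" | sed 's/[&/\]/\\&/g')
    sed -e "s/{{LOGIN}}/$login_esc/g" -e "s/{{TOKEN}}/$token_esc/g" "$MAILER_TEMPLATE_DIR/$template"
}

# When run directly, mirror the command line authd issues.
if [ "${1:-}" = "send" ]; then
    mailer_send "$@"
fi
```

A real mailer would pipe the rendered message into sendmail or an SMTP client instead of printing it; the token is part of the message body, so the script deliberately never echoes it to stderr or a log.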
.Sh See also
TODO: expand the documentation
.Pp
.Bl -bullet -compact
.It
.Xr libipc 7
the documentation of the way libipc works
.It
.Xr authctl 1
a command-line client for
.Nm
.It
.Xr dnsmanagerd 1
a DNS manager service using
.Nm
to handle users (authentication, authorization, preferences and profile)
.It
.Xr mailer 1
a simple executable to send mails based on templates
.El
.Pp
The Document-oriented DataBase (DoDB) library used in
.Nm :
.br
.Lk https://git.baguette.netlib.re/Baguette/dodb.cr dodb
.Pp
The online service
.Dq netlib.re
is the first one to use the
.Nm
daemon.
.br
.Lk https://www.netlib.re netlib.re
.Pp
The logging and configuration library for the whole
.Dq baguette
project.
.br
.Lk https://git.baguette.netlib.re/Baguette/baguette-crystal-base baguette-crystal-base
.Sh Limitations
WARNING:
.Nm
does not handle all possible email addresses.
.Pp
TODO: expand the documentation