Authentication for the registry can be handled by either the registry itself, LDAP or external JWT endpoint.
            
            Additional external authentication providers (such as GitHub) can be used on top of this choice.
          
         
        
          It is 
highly recommended to require encrypted client passwords. External passwords used in the Docker client will be stored in 
plaintext!
          
Enable this requirement now.
        
          Note: The "Require Encrypted Client Passwords" feature is currently enabled which will
          prevent passwords from being saved as plaintext by the Docker client.
        
        
          
            | Authentication: |  | 
        
        
        
          
            | Keystone Authentication URL: | 
              The URL (starting with http or https) of the Keystone Server endpoint for auth.
               | 
          
            | Keystone Administrator Username: | 
                 The username for the Keystone admin.
               | 
          
            | Keystone Administrator Password: | 
                 The password for the Keystone admin.
               | 
          
            | Keystone Administrator Tenant: | 
                The tenant (project/group) that contains the administrator user.
               | 
        
        
        
          JSON Web Token authentication allows your organization to provide an HTTP endpoint that
          verifies user credentials on behalf of 
.
          
          Documentation
          on the API required can be found here: 
https://github.com/coreos/jwt-auth-example.
        
          
            | User Verification Endpoint: | 
              The URL (starting with http or https) on the JWT authentication server for verifying username and password credentials.
               
              Credentials will be sent in the Authorizationheader as Basic Auth, and this endpoint should return200 OKon success (or a4**otherwise). | 
          
            | Authentication Issuer: | 
                The id of the issuer signing the JWT token. Must be unique to your organization.
               | 
          
            | Public Key: | 
                A certificate containing the public key portion of the key pair used to sign
                the JSON Web Tokens. This file must be in PEM format.
               | 
        
        
        
          
            | LDAP URI: | 
              The full LDAP URI, including the ldap:// or ldaps:// prefix.
               | 
          
            | Base DN: | 
              A Distinguished Name path which forms the base path for looking up all LDAP records.
               
                Example: dc=my,dc=domain,dc=com
               | 
          
            | User Relative DN: | 
              A Distinguished Name path which forms the base path for looking up all user LDAP records,
              relative to the Base DN defined above.
               
                Example: ou=employees
               | 
          
            | Secondary User Relative DNs: | 
              A list of Distinguished Name path(s) which forms the secondary base path(s) for
              looking up all user LDAP records, relative to the Base DN defined above. These path(s)
              will be tried if the user is not found via the primary relative DN.
               
                Example: [ou=employees]
               | 
          
            | Administrator DN: | 
              The Distinguished Name for the Administrator account. This account must be able to login and view the records for all user accounts.
               
                Example: uid=admin,ou=employees,dc=my,dc=domain,dc=com
               | 
          
            | Administrator DN Password: | 
                Note: This will be stored in
                plaintext  inside the config.yaml, so setting up a dedicated account or using
                a password hash  is highly  recommended.
              
               The password for the Administrator DN.
               | 
          
            | UID Attribute: | 
               The name of the property field in your LDAP user records that stores your
               users' username. Typically "uid".
               | 
          
            | Mail Attribute: | 
               The name of the property field in your LDAP user records that stores your
               users' e-mail address(es). Typically "mail".
               | 
          
            | Custom TLS Certificate: | 
                If specified, the certificate (in PEM format) for the LDAP TLS connection.
               | 
          
            | Allow insecure: | 
                Allow fallback to non-TLS connections
               
                If enabled, LDAP will fallback to insecure non-TLS connections if TLS does not succeed.
               |