From 01f730ad71deb7c607e7a32c039b237606e9452e Mon Sep 17 00:00:00 2001 From: Stephen J Day Date: Wed, 10 Jun 2015 19:41:54 -0700 Subject: [PATCH] Document usage of htpasswd access controller Signed-off-by: Stephen J Day --- docs/configuration.md | 49 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/docs/configuration.md b/docs/configuration.md index 68fb54c5..0771d5d2 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -108,6 +108,9 @@ auth: service: token-service issuer: registry-token-issuer rootcertbundle: /root/certs/bundle + htpasswd: + realm: basic-realm + path: /path/to/htpasswd middleware: registry: - name: ARegistryMiddleware @@ -600,6 +603,9 @@ auth: service: token-service issuer: registry-token-issuer rootcertbundle: /root/certs/bundle + htpasswd: + realm: basic-realm + path: /path/to/htpasswd ``` The `auth` option is **optional**. There are @@ -710,6 +716,49 @@ public part of the certificates that is used to sign authentication tokens. For more information about Token based authentication configuration, see the [specification.] +### htpasswd + +The _htpasswd_ authentication backed allows one to configure basic auth using an +[Apache HTPasswd File](http://httpd.apache.org/docs/2.4/programs/htpasswd.html). +Only [`bcrypt`](http://en.wikipedia.org/wiki/Bcrypt) format passwords are +supported. Entries with other hash types will be ignored. The htpasswd file is +loaded once, at startup. If the file is invalid, the registry will display and +error and will not start. + +> __WARNING:__ This authentication scheme should only be used with TLS +> configured, since basic authentication sends passwords as part of the http +> header. + + + + + + + + + + + + + + + + + +
ParameterRequiredDescription
+ realm + + yes + + The realm in which the registry server authenticates. +
+ path + + yes + + Path to htpasswd file to load at startup. +
+ ## middleware The `middleware` option is **optional**. Use this option to inject middleware at