File based
StackState Self-hosted v4.6.x
This page describes StackState version 4.6.
Overview
In case no external authentication provider can be used, you can use file based authentication. This will require every StackState user to be pre-configured in the configuration file. For every change made to a user in the configuration, StackState must be restarted.
StackState includes four default roles - Administrator, Platform Administrator, Power user and Guest. The permissions assigned to each default role and instructions on how to create other roles can be found in the RBAC documentation.
Set up file based authentication
Kubernetes
To configure file based authentication on Kubernetes, StackState users need to be added to the authentication.yaml
file. For example:
Follow the steps below to configure users and apply changes:
In
authentication.yaml
- add users. The following configuration should be added for each user (see the example above):username - the username used to log into StackState.
passwordHash - the password used to log into StackState. Passwords are stored as either an MD5 hash or a bcrypt hash.
roles - the list of roles that the user is a member of. The default StackState roles are
stackstate-admin
,stackstate-platform-admin
,stackstate-power-user
andstackstate-guest
, for details on how to create other roles, see RBAC roles.
Store the file
authentication.yaml
together with the filevalues.yaml
from the StackState installation instructions.Run a Helm upgrade to apply the changes:
Note:
An MD5 password hash can be generated using the
md5sum
ormd5
command line applications on Linux and Mac.A bcrypt password hash can be generated using the following command line
htpasswd -bnBC 10 "" <password> | tr -d ':\n'
or using an online tool.The first run of the helm upgrade command will result in pods restarting, which may cause a short interruption of availability.
Include
authentication.yaml
on everyhelm upgrade
run.The authentication configuration is stored as a Kubernetes secret.
Linux
To configure file based authentication on Linux, StackState users need to be added to the application_stackstate.conf
file. For example:
Follow the steps below to configure users and apply changes:
In
authentication.yaml
- add users. The following configuration should be added for each user (see the example above):username - the username used to log into StackState.
password - the password used to log into StackState. Passwords are stored as either an MD5 hash or a bcrypt hash.
roles - the list of roles that the user is a member of. The default StackState roles are
stackstate-admin
,stackstate-platform-admin
,stackstate-power-user
andstackstate-guest
, for details on how to create other roles, see RBAC roles.
Restart StackState to apply the changes.
Note:
An MD5 password hash can be generated using the
md5sum
ormd5
command line applications on Linux and Mac.A bcrypt password hash can be generated using the following command line
htpasswd -bnBC 10 "" <password> | tr -d ':\n'
or using an online tool.
See also
Last updated