The type of authentication to use.

Whether to enable Ente Auth.

This option is opposite to lt-cred-mech. (TURN Server with no-auth option allows anonymous access)

Whether to enable webconsole authentication.

The ente-auth package to use.

Username used to access the GNS3 Server.

Allow authentication modules to auto-create users in tt-rss internal database when authenticated successfully.

Automatically login user on remote or other kind of externally supplied authentication, otherwise redirect to login form as normal

Whether to enable password based HTTP authentication to access the GNS3 Server.

Path to a file containing username:password. null means no authentication required to use the service.

Authentication cookie.

Whether to enable server authentication.

Seconds to store cached auth entries for.

Choose the type of authentication used

Set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode)

Password based authentication to access the server

Choose users database file to use for authentication

Authentication type for FreshRSS.

The file managing the authentication for deluge, the format of this file is straightforward, each line contains a username:password:level tuple in plaintext

A file containing the auth key

If true, once a specific ip address authed successfully with user/pass, it is added to a whitelist and may use the proxy without auth.

Authentication type

Allow clients to connect without authentication, i.e. without a valid MUNGE credential.

A file containing the password to access the GNS3 Server.

Authentication to use when connecting to xpra

How users are authenticated storage -- save passwords internally pam -- Linux PAM authentication

Password used for HQPlayer's WebUI

Username used for HQPlayer's WebUI

Port number of Go Ethereum Auth RPC API.

The following authentication modes are available: Open -- Accept connections from anyone, use NickServ for user authentication

Path to the file containing the static authentication secret.

This option can be used to store the username / password credentials with the "auth-user-pass" authentication method

Extra parameters to pass after the auth key

Whether to enable Go Ethereum Auth RPC API.

TURN REST API flag

Either "basic" for a general-purpose authorization protocol or "stealth" for a less scalable protocol that also hides service activity from unauthorized clients.

auth.backends options to set in /etc/nipap/nipap.conf.

Pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream.

Listen address of Go Ethereum Auth RPC API.

Enables requiring the cluster to authenticate itself to the client.

'Static' authentication secret value (a string) for TURN REST API only

The auth adapter type

Use this option to configure advanced authentication methods like EAP

Enables requiring daemons to authenticate with eachother in the cluster.

Auth sources options used by SimpleSAMLphp.

Optional username to use for authentication.

Enables requiring clients to authenticate with the cluster to access services in the cluster (e.g. radosgw, mds or osd).

Name of auth backend to use by default.

Options for the auth plugin

Path to a file containing the password for authentication.

All authentication providers to provision

The password to set when passing the HTTP Basic Auth header.

The name of this authentication provider

Auth mechanism to use

Whether to skip manual device approval.

The username to store inside the credentials file.

The password to store inside the credentials file.

Path to private key file.

Base URL for the Tailscale API.

OAuth scope specification.

Authentication plugin to attach to this listener

Configuration options to set in the GitLab Pages config file

This controls the hostname for the 9front authentication server that users will be authenticated against.

Whether to enable oauth2-proxy.

The OAuth Client ID.

Plugin path to load, should be a .so file.

By default pam-u2f module reads the keys from $XDG_CONFIG_HOME/Yubico/u2f_keys (or $HOME/.config/Yubico/u2f_keys if XDG variable is not set)

Whether to serve over TLS.

Path to auth.json file

Restrict logins to members of this organisation.

List of virtual hostnames from which to accept requests.

oauth2-proxy allows passing sensitive configuration via environment variables

The oauth2-proxy package to use.

The list of authentication protocols accepted by this network

The OAuth issuer URL.

The name of the cookie that the oauth_proxy creates.

Restrict logins to members of this team.

The address of the reverse proxy endpoint for oauth2-proxy

Profile access endpoint.

Whether to register as an ephemeral node.

Authentication endpoint

The url root path that this proxy should be nested under.

Extra config to pass to oauth2-proxy.

OIDC authentication URL endpoint.

Authentication to expect from remote

Authorized keys for the root user on initrd

Pass the request Host Header to upstream.

OAuth provider.

Set HttpOnly cookie flag.

Automatically disallow all clients using # or + in their name/id.

The OAuth Client Secret.

Go to a tenant-specific or common (tenant-independent) endpoint.

Configuration to use for Cyrus SASL authentication daemon.

Expire timeframe for cookie.

Whether to enable saslauthd, the Cyrus SASL authentication daemon.

The OAuth2 redirect URL.

Authorized keys taken from files for the root user on initrd

Token redemption endpoint

The seed string for secure cookies.

Restrict logins to members of these Google groups.

Set secure (HTTPS) cookie flag.

Skip authentication for requests matching any of these regular expressions.

Authenticate emails with the specified domains

The bin package to use.

Pass OAuth access_token to upstream via X-Forwarded-Access-Token header.

The path to a file containing the OAuth Client Secret.

HTTPS listening address

The http url(s) of the upstream endpoint or file:// paths for static files

Path to the configuration file containing authorized users credentials to run iperf tests.

Path to file containing XMLRPC URI for use by web UI - this is a secret, since it contains auth credentials

The resource that is protected.

Refresh the cookie after this duration; 0 to disable.

The path to a file containing the seed string for secure cookies.

Path to a JWT secret for authenticated RPC endpoint.

Log requests to stdout.

OAuth approval_prompt.

GAP-Signature request signature key.

Additionally authenticate against a htpasswd file

addr:port to listen on for HTTPS clients

Optional cookie domains to force cookies to (ie: .yourcompany.com)

The domain under which the oauth2-proxy will be accesible and the path of cookies are set to

File mapping user names to pre-shared keys (passwords).

Multi-domain protection currently requires multiple instances of Authelia

Access token validation endpoint

The name of the user for this authelia instance.

User authorization mappings

Linux user to authorize

• 0: Plain
• 1: Login
• 2: CRAM-MD5

In case when running behind a reverse proxy, controls whether headers like X-Real-Ip are accepted

Line-separated email addresses that are allowed to authenticate.

The name of the group for this authelia instance.

Enables the use of the ~/.ssh/authorized_keys file

Nginx virtual hosts to put behind the oauth2 proxy

Authentication for clients and servers

Authentication to perform locally.

• The default pubkey uses public key authentication using a private key associated to a usable certificate.
• psk uses pre-shared key authentication.
• The IKEv1 specific xauth is used for XAuth or Hybrid authentication,
• while the IKEv2 specific eap keyword defines EAP authentication.
• For xauth, a specific backend name may be appended, separated by a dash

The path to the password you will use in the Grafana webhook settings.

A file containing a the client secret for an openid_connect adapter

Path to custom HTML templates.

Whether to enable Authelia instance.

Any remote cjdns nodes that offer these passwords on connection will be allowed to route through this node.

A list of verbatim OpenSSH public keys that should be added to the user's authorized keys

A list of files each containing one OpenSSH public key that should be added to the user's authorized keys

Name is used as a suffix for the service name, user, and group

The Google Admin to impersonate for API calls

Specifies the user under whose account the AuthorizedKeysCommand is run

Authentication mechanism used for logins.

The user that you will authenticate with in the Grafana webhook settings

Authenticate with the SMTP server using username and password.

Authentication type to use, see http://api.rubyonrails.org/classes/ActionMailer/Base.html

The authelia package to use.

Issuer URI

Specifies a program to be used to look up the user's public keys

Specify the rules for which files to read on the host

Display username / password login form if an htpasswd file is provided.

A list of verbatim OpenSSH public keys that should be added to the user's authorized keys

Whether users must authenticate when using the web UI or command-line tool

yaml file containing all secrets. this needs to be in the same structure as the configuration

A list of files each containing one OpenSSH public key that should be added to the user's authorized keys

Path to certificate file.

The path to the service account JSON credentials.

A list of paths to files in OpenSSH's authorized_keys format, containing the keys that will be trusted by the pam_ssh_agent_auth module

Provisioning of oauth2 resource servers

A list of verbatim principal names that should be added to the user's authorized principals.

authentication.ini contents

See torrc manual.

Path to file with trusted public keys in OpenSSH's authorized_keys format

Legacy authentication

Comma-separated list of authorized principals to permit; if the user presents a certificate with one of these principals, then they will be authorized

Jupyterhub authentication to use

There are many authenticators available including: oauth, pam, ldap, kerberos, etc.

Path to a list of principals; if the user presents a certificate with one of these principals, then they will be authorized

The authentication type to be used by jitsi

A list of verbatim principal names that should be added to the user's authorized principals.

The theme to display.

Username for basic auth.

hg.sr.ht's OAuth client id for meta.sr.ht.

Your Authelia config.yml as a Nix attribute set

man.sr.ht's OAuth client id for meta.sr.ht.

git.sr.ht's OAuth client id for meta.sr.ht.

hub.sr.ht's OAuth client id for meta.sr.ht.

Principal identifier (email, repo, etc.)

It is recommended you keep your secrets separate from the configuration

todo.sr.ht's OAuth client id for meta.sr.ht.

Level of verbosity for logs.

Path to your JWT secret used during identity verificaton.

lists.sr.ht's OAuth client id for meta.sr.ht.

pages.sr.ht's OAuth client id for meta.sr.ht.

paste.sr.ht's OAuth client id for meta.sr.ht.

Public SSH keys that are given full write access to this repository

Authorized clients for a v3 onion service, as a list of public key, in the format:

descriptor:x25519:<base32-public-key>

See torrc manual.

Format the logs are written as.

Configuring authelia's secret files via the secrets attribute set is intended to be convenient and help catch cases where values are required to run at all

builds.sr.ht's OAuth client id for meta.sr.ht.

hg.sr.ht's OAuth client secret for meta.sr.ht.

Here you can provide authelia with configuration files or directories

Password for basic auth

git.sr.ht's OAuth client secret for meta.sr.ht.

hub.sr.ht's OAuth client secret for meta.sr.ht.

man.sr.ht's OAuth client secret for meta.sr.ht.

A list of signing keys for each substitute server to be authorized as a source of substitutes

Whether this is a public client (enforces PKCE, doesn't use a basic secret)

Path to your HMAC secret used to sign OIDC JWTs.

todo.sr.ht's OAuth client secret for meta.sr.ht.

Maps kanidm groups to returned oauth scopes

The redirect URL of the service

Whether to enable LDAP auth.

Section defining complementary attributes of certification authorities, each in its own subsection with an arbitrary yet unique name

Adds additional claims (and values) based on which kanidm groups an authenticating party belongs to

Authentication type to use, see https://api.rubyonrails.org/classes/ActionMailer/Base.html

Only clients that are listed here are authorized to access the hidden service

lists.sr.ht's OAuth client secret for meta.sr.ht.

paste.sr.ht's OAuth client secret for meta.sr.ht.

pages.sr.ht's OAuth client secret for meta.sr.ht.

Defines how users authenticate themselves to the server

Whether to ensure that this oauth2 resource server is present or absent.

Display name

Basic Auth protection for a vhost

Basic Auth protection for a vhost

Basic Auth protection for a vhost

Kubernetes apiserver authorization mode (AlwaysAllow/AlwaysDeny/ABAC/Webhook/RBAC/Node)

Public SSH keys that can only be used to append new data (archives) to the repository

Sets the Authorization header on every remote read request with the configured username and password. password and password_file are mutually exclusive.

The address to listen on.

builds.sr.ht's OAuth client secret for meta.sr.ht.

Basic Auth protection for a vhost

The path relative to / for serving resources.

Secrets like SECRET_KEY_BASE and BASIC_AUTH_PASSWORD should be passed to the service without adding them to the world-readable Nix store

Path to your session secret

Sets the Authorization header on every scrape request with the configured credentials.

Optional slot number of the token that stores the certificate.

An SSH public key (as an absolute file path or directly as a string), usually generated by rad auth.

Kubernetes apiserver authorization policy file

Application image to display in the WebUI

Sets the Authorization header on every remote write request with the configured username and password. password and password_file are mutually exclusive.

Whether authentication is required to access the web app.

Operate in single user mode, disables all functionality related to multiple users and authentication

User which runs tailscale-nginx-auth

Absolute path to the certificate to load

Basic Auth protection for a vhost

Basic Auth protection for a vhost

Basic Auth protection for a vhost

Basic Auth protection for a vhost

Basic Auth protection for a vhost

Optional PKCS#11 module name.

Path to your private key file used to encrypt OIDC JWTs.

EAP secret section for a specific secret

The basic secret to use for this service

Determines how multiple values are joined to create the claim value

File path where the logs will be written

Group which runs tailscale-nginx-auth

Sets the Authorization header on every scrape request with the configured username and password. password and password_file are mutually exclusive.

Hex-encoded CKA_ID or handle of the certificate on a token or TPM, respectively

Identity the EAP/XAuth secret belongs to

When redirecting from the Kanidm Apps Listing page, some linked applications may need to land on a specific page to trigger oauth2/oidc interactions.

Maps kanidm groups to values for the claim.

The certificates may use a relative path from the swanctl x509ca directory or an absolute path

Enable legacy crypto on this client

HTTP username

HTTP password

List of CRL distribution points (ldap, http, or file URI)

If set, all sae password entries that have a non-wildcard MAC associated to them will additionally be used to populate the MAC allow list

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

HTTP password

HTTP username

Use 'name' instead of 'spn' in the preferred_username claim

The username/email in case SMTP auth is enabled.

Basic Auth password file for a vhost

List of OCSP URIs

The authentication method, either OAuth or ManagedIdentity

Whether to enable tailscale.nginx-auth, to authenticate users via tailscale.

Whether to also log to stdout when a file_path is defined.

Absolute path to a file containing environment variables used for gitlab-runner registrations with runner authentication tokens

File containing the secret token when using the Synapse HTTP Antispam module to be used in place of services.draupnir.settings.web.synapseHTTPAntispam.authorization

The read permissions to include for this token

Path to your storage encryption key.

The read permissions to include for this token

Whether claim maps not specified here but present in kanidm should be removed from kanidm.

This depends on mail_smtpmode

Value of the EAP/XAuth secret

Basic Auth protection for a vhost

Basic Auth protection for a vhost

Required file that needs to contain the cachix auth token.

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth protection for a vhost

Basic Auth protection for a vhost

Basic Auth protection for a vhost

Basic Auth password file for a vhost

The tailscale-nginx-auth package to use.

Basic Auth protection for a vhost

Basic Auth password file for a vhost

Basic Auth protection for a vhost

If this attribute is given with non-zero length, it will set the password identifier for this entry

HTTP username

HTTP password

Sets the password for WPA-PSK

Whether to enable guests to login if auth is enabled.

Basic Auth protection for a vhost

Enable Metrics.

If this attribute is not included, or if is set to the wildcard address (ff:ff:ff:ff:ff:ff), the entry is available for any station (client) to use

If this attribute is given, SAE-PK will be enabled for this connection

If this attribute is given, all clients using this entry will get tagged with the given VLAN ID.

Basic Auth protection for a vhost

Basic Auth protection for a vhost

The address to listen on for metrics

Absolute file path to an SSH private key, usually generated by rad auth

List of emails to allow access to this vhost, or null to allow all.

List of groups to allow access to this vhost, or null to allow all.

Basic Auth protection for a vhost

Whether to enable tailscale.nginx-auth, to authenticate nginx users via tailscale.

API tokens to provision for the user in this organization.

Additional environment variables to provide to authelia

Sets allowed passwords for WPA3-SAE

Optional authentication information for token-based authentication: https://docs.mesosphere.com/1.11/security/ent/iam-api/#passing-an-authentication-token It is mutually exclusive with auth_token and other authentication mechanisms.

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth protection for a vhost

Allow localhost redirects

Sets the password for WPA-PSK that will be converted to the pre-shared key

Disable PKCE on this oauth2 resource server to work around insecure clients that may not support it

Client XAuth username used in the XAuth exchange.

Basic Auth protection for a vhost

A unique identifier for this authentication token

Sets the password for WPA3-SAE

Basic Auth password file for a vhost

The password for this entry, read from the given file when starting hostapd

Whether to enable new users to login if auth is enabled.

Set of accepted cipher suites (encryption algorithms) for pairwise keys (unicast packets)

Sets the password(s) for WPA-PSK

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Path to the file containing the password for the root user if auth is enabled.

Grants all permissions in the associated organization.

Selects the authentication mode for this AP.

• "none": Don't configure any authentication

Restrictions for access from non-local IP addresses

The token value

The password for this entry

Basic Auth password file for a vhost

Whether to ensure that this user is present or absent.

A list of nginx virtual hosts to put behind tailscale.nginx-auth

HTTP password file

Maps kanidm groups to additionally returned oauth scopes

Basic Auth protection for a vhost

Basic Auth protection for a vhost

Basic Auth protection for a vhost

The path to the file with the password in case SMTP auth is enabled.

The organization's buckets which should be allowed to be read

HTTP password file

Basic Auth protection for a vhost

Grants all permissions in all organizations.

Basic Auth username used to connect to remote_write endpoint

Basic Auth username used to connect to remote_write endpoint

Basic Auth password file for a vhost

The organization's buckets which should be allowed to be written

Defines the base URI for the Hash and URL feature supported by IKEv2

Defines the mapping from system users to database users

Basic Auth protection for a vhost

Basic Auth protection for a vhost

Basic Auth protection for a vhost

Basic Auth protection for a vhost

Basic Auth protection for a vhost

Basic Auth protection for a vhost

The path to a file containing the secret_key_base secret

Basic Auth password file for a vhost

Optional Authorization header configuration.

Sets the authentication type

Optional OAuth 2.0 configuration

HTTP password file

Auth proxy header name.

Enable authorization using auth proxy.

Time to schedule IKE reauthentication

File that contains the Basic Auth password used to connect to remote_write endpoint

File that contains the Basic Auth password used to connect to remote_write endpoint

If set, will use peer auth instead of connecting to a Postgres server

Optional Authorization header configuration.

Sets the authentication type

Scopes for the token request.

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Optional authentication information for token-based authentication: https://docs.mesosphere.com/1.11/security/ent/iam-api/#passing-an-authentication-token It is mutually exclusive with auth_token_file and other authentication mechanisms.

Basic Auth password file for a vhost

Whether to enable starting teleport in insecure mode

Optional OAuth 2.0 configuration

Basic Auth protection for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth protection for a vhost

Basic Auth protection for a vhost

Basic Auth protection for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth protection for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth protection for a vhost

Basic Auth protection for a vhost

Kubernetes apiserver CA file for client auth.

The path to a file containing the database password

Optional Authorization header configuration.

Optional Authorization header configuration.

Optional Authorization header configuration.

Optional Authorization header configuration.

Sets the authentication type

Sets the authentication type

Sets the authentication type

Sets the authentication type

Basic Auth protection for a vhost

Additionally enable the recommended set of pairwise ciphers

Basic Auth protection for a vhost

Scopes for the token request.

Optional HTTP basic authentication information.

Basic Auth protection for a vhost

Basic Auth protection for a vhost

Authentication information used to authenticate to the API server. password and password_file are mutually exclusive.

OAuth client ID.

The URL to fetch the token from.

Prompt for login with an html login mask if enabled, otherwise prompt for basic auth (useful for SSO)

Optional OAuth 2.0 configuration

Optional OAuth 2.0 configuration

Optional OAuth 2.0 configuration

Optional OAuth 2.0 configuration

Basic Auth protection for a vhost

The path to a file containing the secret_key_base secret

Basic Auth username used to protect VictoriaLogs instance by authorization

Default 2FA method for new users and fallback for preferred but disabled methods.

Optional description for the API token

Optional Authorization header configuration.

Sets the authentication type

An environment file as defined in systemd.exec(5)

Sets the credentials

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth protection for a vhost

Scopes for the token request.

Scopes for the token request.

Scopes for the token request.

Scopes for the token request.

Known homeservers

Optional HTTP basic authentication information.

Basic Auth password file for a vhost

Basic Auth protection for a vhost

File that contains the Basic Auth password used to protect VictoriaLogs instance by authorization

The URL to fetch the token from.

OAuth client ID.

Basic Auth password file for a vhost

Optional OAuth 2.0 configuration

Basic Auth protection for a vhost

Sets the authentication type

Sets the authentication type

Optional Authorization header configuration.

Optional Authorization header configuration.

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Sets the credentials

HTTP username

HTTP username

HTTP password

HTTP password

Basic Auth password file for a vhost

Scopes for the token request.

Optional HTTP basic authentication information.

Optional HTTP basic authentication information.

Optional HTTP basic authentication information.

Optional HTTP basic authentication information.

OAuth client ID.

The URL to fetch the token from.

OAuth client ID.

The URL to fetch the token from.

OAuth client ID.

The URL to fetch the token from.

OAuth client ID.

The URL to fetch the token from.

Basic Auth password file for a vhost

Sets the credentials

Sets the credentials

Sets the credentials

Sets the credentials

Optional OAuth 2.0 configuration

Optional OAuth 2.0 configuration

Basic Auth protection for a vhost

Basic Auth password file for a vhost

HTTP password

HTTP username

Basic Auth password file for a vhost

OAuth client secret.

To configure Microsoft/Azure auth, you'll need to create an OAuth Client

To configure generic OIDC auth, you'll need some kind of identity provider

Either the raw pre-shared key in hexadecimal format or the name of the secret (as defined inside networking.wireless.secretsFile and prefixed with ext:) containing the network pre-shared key.

To configure Slack auth, you'll need to create an Application at https://api.slack.com/apps

When configuring the Client ID, add a redirect URL under "OAuth & Permissions" to https://[publicUrl]/auth/slack.callback.

Optional HTTP basic authentication information.

Sets the credentials

Scopes for the token request.

Scopes for the token request.

Basic Auth username used to protect VictoriaTraces instance by authorization

The URL to fetch the token from.

OAuth client ID.

Sets the authentication type

Optional Authorization header configuration.

HTTP password

HTTP password

HTTP password

HTTP password

HTTP username

HTTP username

HTTP username

HTTP username

To configure Google auth, you'll need to create an OAuth Client ID at https://console.cloud.google.com/apis/credentials

When configuring the Client ID, add an Authorized redirect URI to https://[publicUrl]/auth/google.callback.

List of email domains to allow access to this vhost, or null to allow all.

OAuth client secret.

Basic Auth password file for a vhost

To configure Discord auth, you'll need to create an application at https://discord.com/developers/applications/

See https://docs.getoutline.com/s/hosting/doc/discord-g4JdWFFub6 for details on setting up your Discord app.

File that contains the Basic Auth password used to protect VictoriaTraces instance by authorization

Sets the credentials

Sets the credentials

Sets the credentials to the credentials read from the configured file

Basic Auth protection for a vhost

Optional HTTP basic authentication information.

Optional HTTP basic authentication information.

Sets the authentication type

OAuth client ID.

The URL to fetch the token from.

The URL to fetch the token from.

OAuth client ID.

Optional Authorization header configuration.

Optional parameters to append to the token URL.

HTTP username

HTTP password

HTTP password file

HTTP password file

OAuth client secret.

OAuth client secret.

OAuth client secret.

OAuth client secret.

Sets the credentials to the credentials read from the configured file

Basic Auth username used to protect VictoriaMetrics instance by authorization

Optional OAuth 2.0 configuration

Sets the authentication type

Basic Auth password file for a vhost

Optional Authorization header configuration.

Optional parameters to append to the token URL.

File that contains the Basic Auth password used to protect VictoriaMetrics instance by authorization

Sets the credentials to the credentials read from the configured file

Sets the credentials to the credentials read from the configured file

Sets the credentials to the credentials read from the configured file

Sets the credentials to the credentials read from the configured file

HTTP password file

Scopes for the token request.

Basic Auth protection for a vhost

OAuth client secret.

HTTP password

HTTP username

HTTP username

HTTP password

Sets the credentials

Optional OAuth 2.0 configuration

Sets the credentials to the credentials read from the configured file

Optional parameters to append to the token URL.

Optional parameters to append to the token URL.

Optional parameters to append to the token URL.

Optional parameters to append to the token URL.

HTTP password file

HTTP password file

HTTP password file

HTTP password file

Optional HTTP basic authentication information.

The URL to fetch the token from.

OAuth client ID.

OAuth client secret.

OAuth client secret.

Scopes for the token request.

Sets the credentials

Basic Auth password file for a vhost

Sets the credentials to the credentials read from the configured file

Sets the credentials to the credentials read from the configured file

Optional parameters to append to the token URL.

Optional OAuth 2.0 configuration

Read the client secret from a file

HTTP password file

Optional HTTP basic authentication information.

Sets the credentials

OAuth client ID.

The URL to fetch the token from.

HTTP password

HTTP username

Scopes for the token request.

Read the client secret from a file

Optional parameters to append to the token URL.

Optional parameters to append to the token URL.

HTTP password file

HTTP password file

Sets the credentials to the credentials read from the configured file

OAuth client secret.

Optional HTTP basic authentication information.

Read the client secret from a file

Read the client secret from a file

Read the client secret from a file

Read the client secret from a file

OAuth client ID.

The URL to fetch the token from.

HTTP username

HTTP password

Sets the credentials to the credentials read from the configured file

Read the client secret from a file

OAuth client secret.

HTTP password

HTTP username

Optional parameters to append to the token URL.

HTTP password file

Sets the credentials to the credentials read from the configured file

Read the client secret from a file

Read the client secret from a file

OAuth client secret.

Optional parameters to append to the token URL.

HTTP password file

Optional parameters to append to the token URL.

HTTP password file

Read the client secret from a file

Read the client secret from a file

Read the client secret from a file

Learn more at https://docs.stashapp.cc/networking/authentication-required-when-accessing-stash-from-the-internet/

List of plugins to load automatically for all users

Whether to enable Google OS Login

If set, keys listed in ~/.ssh/authorized_keys and ~/.eid/authorized_certificates can be used to log in with the associated PKCS#11 tokens.

Specifies which users are considered “administrators”, for those actions that require the user to authenticate as an administrator (i.e. have an auth_admin value)

Whether to enable hostapd, a user space daemon for access point and authentication servers

Duo Unix reports the IP address of the authorizing user, for the purposes of authorization and whitelisting

Connection string for accessing pgBouncer

If set, the calling user's SSH agent is used to authenticate against the keys in the calling user's ~/.ssh/authorized_keys

Whether to enable the dp9ik pam module provided by tlsclient

Whether to enable the Howdy PAM module

Ensures that the specified users exist and have at least the ensured permissions

Some servers have invalid or self-signed certificates

Ensures that the specified users exist

A list of NTLM/NTLMv2 authenticating HTTP proxies

Absolute path to a file with environment variables used for gitlab-runner registration with runner registration tokens

Whether to enable the Howdy PAM module

Path to the API key to authenticate with a local CrowdSec API

Enables Kerberos PAM modules (pam-krb5, pam-ccreds)

Force servers to use encrypted connections? This option will prevent servers from authenticating unless they are using encryption

The password to authenticate to PostgreSQL with

Section for a remote authentication round

The password to authenticate to PostgreSQL with

Use these credentials to authenticate during the HTTP upgrade request (Basic authorization type, USER:[PASS]).

Specifies if mapped OpenID Connect accounts are automatically created upon successful authentication

Allowed principal domains. if an authenticated user's domain is not in this list authentication request will be rejected.

Specifies if mapped OpenID Connect accounts are automatically created upon successful authentication

If set, will use the pam_oslogin_login's user authentication methods to authenticate users using 2FA

Enables Yubico PAM (yubico-pam) module

Whether to enable NSD authoritative DNS server.

Whether to enable Knot authoritative-only DNS server.

If set, users listed in ~/.yubico/authorized_yubikeys are able to log in with the associated Yubikey tokens.

Authorization group memberships to require

(Read-only) the path to the final bundle of certificate authorities as a single file.

If true, do not ask for a password again for some time after the user successfully authenticates.

If a user fails to authenticate with a second factor, Duo Unix will prompt the user to authenticate again

List of zones we claim authority over.

An attribute set that will be used to substitute variables when building the dashboard

Enables support for authenticating with a GPG encrypted password.

If set, then the authenticating user must be a member of this group to use this module.

DNS zones to be forwarded to other authoritative servers.

The port the certificate authority should listen on

Whether to enable authenticating using a signature performed by the ssh-agent.

Enables support for authenticating with FIDO2 devices.

Whether to enable the smallstep certificate authority server.

A set of CAs (certification authorities) and their options for the ‘ca xxx’ sections of the ipsec.conf file.

If you do not enable one of the rpc or httprpc plugins you need to expose an RPC mount through scgi using this option

Certificate Authority file for MQTT server access.

Table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts)

Skydns list of nameservers to forward DNS requests to when not authoritative for a domain.

The name of the column in the log table to which the name of the user being authenticated is stored.

The name of the column in the log table to which the name of the user being authenticated is stored.

Skydns path of TLS certificate authority public key.

Certificate authority file to use for clients

Etcd certificate authority file

File containing additional config environment variables for alertmanager-gotify-bridge

Whether to enable the Pomerium authenticating reverse proxy.

Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for the remote IP address maps back to the very same IP address

The list of the email addresses of the listmasters (users authorized to perform global server commands).

The address (without port) the certificate authority should listen at

Certificate authority file to use for peer to peer communication

Whether to enable Authenticated room creation.

Whether to enable opening the certificate authority server port.

Whether to enable authenticating using a signature performed by the ssh-agent

Enables support for authenticating with a YubiKey on LUKS devices

Path to the certificate authority certificate.

Which LDAP group attribute to search for authorized role ARNs

Default kubernetes certificate authority

Set the TTY audit flag when opening the session, but do not restore it when closing the session

If set, users with enabled Google Authenticator (created ~/.google_authenticator) will be required to provide Google Authenticator token to log in.

Whether to allow TRIM requests to the underlying device

File containing trusted certification authorities (CA) to verify certificates of mailservers contacted for mail delivery

Specifies the bind address on which the irker daemon listens

Set to true for unauthenticated emergency access, and false or null for no emergency access

Minimum amount of usable tokens

If set, users with an SSH certificate containing an authorized principal in their SSH agent are able to log in

Method for the initial state transfer (wsrep_sst_method) when a node joins the cluster

The email address to use to authenticate to CloudFlare.

The path to a file containing the token used to authenticate with DuckDNS.

Clients' authorizations for a v3 onion service, as a list of files containing each one private key, in the format:

descriptor:x25519:<base32-private-key>

See torrc manual.

This public key is an SSH certificate authority, rather than an individual host's key.

URL to retrieve authorized Intel SGX enclave signers.

The ntfy-sh user to use for authenticating with the ntfy-sh instance

Path certificate authority used to sign the cluster certificates.

Optional client ID

Optional tenant ID

Force clients to use encrypted connections? This option will prevent clients from authenticating unless they are using encryption.

If set, root doesn't need to authenticate (e.g. for the useradd service).

The path to a file containing the API Token used to authenticate with CloudFlare.

This public key is an SSH certificate authority, rather than an individual host's key.

The path to a file containing the API Key used to authenticate with CloudFlare.

A file containing the RPC secret authorization token

IPs and subnets that are authorized to connect for this device

Username to authenticate with.

The path to the SSH private key with which to authenticate on the build machine

Enable or disable PKCE (Proof Key for Code Exchange) support

Optional client secret

Authorized password to the opposite end of the tunnel.

Authorized password to the opposite end of the tunnel.

If set, the pam_mysql module will be used to authenticate users against a MySQL/MariaDB database.

Used for optionally authenticating with Elasticsearch.

Certification Authority file for MQTT

File path containing the password to authenticate with.

Default kubeconfig certificate authority file used to connect to kube-apiserver.

Whether to enable requiring clients to authenticate via certificates.

Whether to enable lldap, a lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication.

The minimum authorized brightness value, e.g. to avoid the display going dark.

The username value that you have to provide when authenticating.

Whether to enable isso, a commenting server similar to Disqus

If set, the calling user's SSH agent is used to authenticate against the configured keys

Kubernetes proxy certificate authority file used to connect to kube-apiserver.

The password file containing the value that you have to provide when authenticating.

Whether to make sshd look up authorized keys from SSS

A YAML file containing secrets such as database or user passwords

Custom query parameters to send with the Authorize Endpoint request.

Kubelet certificate authority file used to connect to kube-apiserver.

Path of the socket listening to authorization requests.

Whether to include authentication against LDAP in login PAM.

Path to file containing password for optionally authenticating with Elasticsearch.

One of:

• "Primary" (the master, authority for the zone).
• "Secondary" (the slave, replicated from the primary).
• "External" (a cached zone that queries other nameservers)

Path to the Unbound server certificate authority

Whether to enable a web app for the meme bingo, rendered entirely on the web server and made interactive with forms

Username to authenticate against the SMTP relay

Path to the signing key file for authenticated media.

Kubernetes controller manager certificate authority file included in service account's token secret.

This depends on mail_smtpauth

Path to the certificate authority (CA) for the certificate of your origin

Public server registry password, used authenticate your server to the registry to prevent impersonation; required for subsequent registry updates.

Whether to enable authentication against an LDAP server.

Specifies the username to use when authenticating to the database.

If the master is password protected (using the requirePass configuration) it is possible to tell the slave to authenticate before starting the replication synchronization process, otherwise the master will refuse the slave request. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)

Whether to automatically register the bouncer to the locally running crowdsec service

Shared secret token to authenticate the client

Shared secret token to authenticate the client

Specifies the password that must be supplied for the default Bacula Console to be authorized

Specifies the password that must be supplied for the default Bacula Console to be authorized

Kubernetes scheduler certificate authority file used to connect to kube-apiserver.

Allows the generation of a private key and associated self-signed certificate

Whether to enable authentication against a MySQL/MariaDB database.

Whether to enable Soteria, a Polkit authentication agent for any desktop environment.

Section for a local authentication round

Sets the server id used to authenticate with Blackfire

You can find your personal server-id at https://blackfire.io/my/settings/credentials

The named AWS profile used to authenticate.

Only applies if enableVirtualUsers is true

Sets the server token used to authenticate with Blackfire

You can find your personal server-token at https://blackfire.io/my/settings/credentials

The password used to authenticate the XMPP component to your XMPP server

Kubernetes controller manager certificate authority file used to connect to kube-apiserver.

This is optional and is by default off, because most users will not need it

Username which should be used to authenticate against the MQTT broker.

This is optional and is by default off, because most users will not need it

Username to authenticate with.

Whether to enable Howdy and its PAM module for face recognition

The name of the column or an SQL expression that indicates the status of the user

Specifies the MAC (message authentication code) algorithms in order of preference

The secret or JSON Web Key (JWK) (or set) used to decode JWT tokens clients provide for authentication

The user to authenticate as.

Interfaces for which to start wpa_supplicant

Optional username used for authentication with redis.

The email address used to authenticate as this account

Private key to authenticate with.

SMTP authentication login used when sending outgoing mail.

The path to netrc file for upstream authentication

Users allowed to authenticate even if not in allowedDomains.

API Key to authenticate with the Moonraker APIs

Whether to use certs for client authentication

Whether to enable OpenID Connect SSH authentication.

API key to authenticate with a local crowdsec API

"Peer verification string"

Custom logo displayed on the authentication screen

When calling the proxy endpoint, the value of HTTP_AUTHORIZATION will be used to set the HTTP Authorization header.

File containing the password to authenticate with

Username for basic http authentication.

Enables logging of authentication attempts in the MySQL database.

The USBGuard daemon modifies some attributes of controller devices like the default authorization state of new child device instances

Username to authenticate with the target device.

Sets the Authorization header on every remote read request with the configured bearer token

Message to display to the remote user before authentication is allowed.

To support sending outgoing transactional emails such as "document updated" or "you've been invited" you'll need to provide authentication for an SMTP server.

Sets the Authorization header on every remote write request with the configured bearer token

Certificate to authenticate with.

Path to the secret jwt used for the http api authentication.

Authentication token

Enable LDAP-Authentication for Netbox

Whether to enable Network Time Security authentication

Sets the Authorization header on every scrape request with the configured bearer token

The name of the column in the log table to which the pid of the process utilising the pam_mysql authentication service is stored.

List of valid URIs of the http ports of your elastic nodes

Require authentication of the STUN Binding request

Whether to enable OpenDKIM sender authentication system.

Enable client authentication

Path to a file containing the metrics authentication token.

Path to the RSA private key (not password-protected) used to decrypt authentication credentials from the client.

Enable the shadow authentication suite, which provides critical programs such as su, login, passwd

SMTP authentication password used when sending outgoing mail.

If specified, Duo authentication is required only for users whose primary group or supplementary group list matches one of the space-separated pattern lists

Path to the Configuration-File for LDAP-Authentication, will be loaded as ldap_config.py

Authentication algorithm for this key.

Whether to enable Portunus, a self-contained user/group management and authentication service for LDAP.

File containing the password to use for basic http authentication

Path to the unix socket file to use for authentication.

This option sets pam "control"

On service or configuration errors that prevent Duo authentication, fail "safe" (allow access) or "secure" (deny access)

This option sets pam "control"

Whether to enable PAM authentication.

The password for Lavalink's authentication in plain text.

Redis username for authentication (for Redis ACL).

Redis password for authentication (for Redis ACL).

This option sets pam "control"

Path to a file which contains the password to authenticate with the target device

The user used for database authentication.

The password used for database authentication.

The path to a file containing the PASSWORD environment variable definition for Podgrab's authentication.

Credentials are used to authenticate the requests to Uyuni API.

Credentials are used to authenticate the requests to Uyuni API.

Specifies the key lib.types that will be used for public key authentication.

Path to the unix socket file to use for authentication.

Whether to enable showing the PAM failure message on authentication error (useful for OTPW).

User used for authentication.

Default Alerta authentication token

Whether to enable the slurm control daemon

Force certificate authentication for server-to-server connections? This provides ideal security, but requires servers you communicate with to support encryption AND present valid, trusted certificates

Path to the unix socket file to use for authentication.

If set to true, any remote host can connect to and control this BOINC client (subject to password authentication)

File containing the redis password for authentication (for Redis ACL).

The credentials to access the web interface, in case authentication is enabled, in the format username:hash

This option sets pam "control"

Enable OIDC-Authentication for Peering Manager

Path to the unix socket file to use for authentication.

Path to the unix socket file to use for authentication.

Enable LDAP-Authentication for Peering Manager

Whether to enable U2F support in the i3lock program

The client authentication stance for this policy.

Attrset of the LibreNMS configuration

Path to the unix socket file to use for authentication.

Sets the Authorization header on every remote read request with the bearer token read from the configured file

Cassandra ships with JMX accessible only from localhost

IMAP authentication configuration for rspamd-trainer

Sets the Authorization header on every remote write request with the bearer token read from the configured file

Path to the unix socket file to use for authentication.

HTTP Basic Authentication

IKE identity to use for authentication round

Whether to log authentication failures in /var/log/faillog.

Whether X authentication keys should be passed from the calling user to the target user (e.g. for su)

Path to the unix socket file to use for authentication.

Path to the Configuration-File for OIDC-Authentication, will be loaded as oidc_config.py

If true, Duo Unix will automatically send a push login request to the user’s phone, falling back on a phone call if push is unavailable

local database using UNIX socket authentication

Path to the Configuration-File for LDAP-Authentication, will be loaded as ldap_config.py

Sets the Authorization header on every scrape request with the bearer token read from the configured file

IKE identity to expect for authentication round

Path to the unix socket file to use for authentication.

Installing a public key allows firmware signed with a matching private key to be recognized as trusted, which may require less authentication to install than for untrusted files

Whether to enable IR emitter hardware

Tag list

Whether to enable a local Redis database using UNIX socket authentication.

The application_credential_id or application_credential_name fields are required if using an application credential to authenticate

Path to the unix socket file to use for authentication.

MTA requires authentication.

MTA authentication username.

The username OnlyOffice should use to connect to Postgresql

List of certificate candidates to use for authentication

Whether to enable the OpenAFS server

Hostname of the database to connect to

Kubernetes apiserver CA file for client authentication.

The application_credential_id or application_credential_name fields are required if using an application credential to authenticate

List of raw public key candidates to use for authentication

Send certificate payloads when using certificate authentication.

• With the default of ifasked the daemon sends certificate payloads only if certificate requests have been received.
• never disables sending of certificate payloads altogether,
• always causes certificate payloads to be sent unconditionally whenever certificate authentication is used

Path to the unix socket file to use for authentication.

This variable must be set to use JWT token authentication.

Server side EAP-Identity to expect in the EAP method

How much the iteration count for PBKDF2 is increased at each successful authentication.

A list of users who should be able to integrate 1Password with polkit-based authentication mechanisms.

If set, use the Duo Security pam module pam_duo for authentication

Whether to enable a local database using UNIX socket authentication.

Path to the unix socket file to use for authentication.

You MUST specify a hash password for the root user (which you only need to initially set up the system and in case you lose connectivity to your authentication backend) This password cannot be changed using the API or via the web interface

Authentication token for connecting to InfluxDB.

Optional password for securing cluster communications

Path to the secret bearer token used for the http api authentication.

Configuration written to guacamole.properties.

Kubernetes apiserver token authentication file

Kubernetes apiserver basic authentication file

SMTP configuration

Whether to fall back to WPA2 authentication protocols if WPA3 failed

Register to run untagged builds; defaults to true when tagList is empty

The network's pre-shared key in plaintext defaulting to being a network without any authentication.

The user to log in into NUT server

Password used for authentication

Path to file containing the MTA authentication password.

Whether to automatically create the database for Umami using PostgreSQL

When set to true Runner will only run on pipelines triggered on protected branches

Path to a file that contains the password OnlyOffice should use to connect to Postgresql

Path to configuration file that can enable TLS or authentication.

Connection uniqueness policy to enforce

Type of TLS authentication with the SMTP server

What is the maximum timeout (in seconds) that will be set for job when using this Runner. 0 (default) simply means don't limit

Password file for the postgresql connection

Set of IP subnets which are permitted to utilize internal API authentication

This is the full URL used to access Grafana from a web browser

Omits password checking, allowing anyone to log in with any user name unless other mandatory authentication methods (eg TLS client certificates) are configured.

Set of IP subnets which are permitted to utilize internal API authentication

Whether to enable the kerberos authentication server.

EAP secret section for a specific secret

Set of IP subnets which are permitted to utilize internal API authentication

Defines if LDAP will be used for user authentication

Whether to enable basic access authentication for Suwayomi-Server

Defines if OpenID Connect will be used for user authentication

NTLM secret section for a specific secret

OpenID authentication scopes.

Authentication client identifier.

Location of the cluster-join-token.key file

Whether to publish privacy-sensitive authentication credentials

Authentication key.

Path to CA certificate to use for client authentication.

Whether to create database and user on the local machine if they do not exist

Authentication client identifier.

Key file for client cert authentication to the server.

Path to a file containing the Cloudflare API authentication token

Station MAC address -based authentication

Authentication client identifier.

Path to configuration file that can enable TLS or authentication.

Key file for client cert authentication to the server.

File path containing the authentication secret.

Display name for OIDC authentication.

Authentication client identifier.

Certificate file for client cert authentication to the server.

Use services.mattermost.environmentFile to configure the database instead of writing the database URI to the Nix store

Certificate file for client cert authentication to the server.

File path containing the authentication secret.

Specifies a file that lists principal names that are accepted for certificate authentication

Key file for client cert authentication to the server.

Authentication application resource ID.

Username for connecting to Nextcloud

The project_id and project_name fields are optional for the Identity V2 API

File path containing the authentication secret.

Make the Podman and Docker compatibility API available over the network with TLS client certificate authentication

File path containing the authentication secret.

Certificate file for client cert authentication to the server.

The authentication provides a single field requiring the user's password followed by the one-time password (OTP).

The path to the file holding the credentials to access the web interface

File path containing the authentication secret.

The project_id and project_name fields are optional for the Identity V2 API

Specifies whether password authentication is allowed.

Username for authentication against JFrog Artifactory API.

Access token for authentication against JFrog Artifactory API

Password for authentication against JFrog Artifactory API

Section for a certificate candidate to use for authentication

Section for a certificate candidate to use for authentication

Optional numeric identifier by which authentication rounds are sorted

Disable client authentication, no client certificate will be required.

The path to the client key

List of certificates to accept for authentication

Optional numeric identifier by which authentication rounds are sorted

Section for a CA certificate to accept for authentication

Identity to use as peer identity during EAP authentication

Username to use for SMTP authentication.

Specifies whether keyboard-interactive authentication is allowed.

List of CA certificates to accept for authentication

List of raw public keys to accept for authentication

The path to the client cert

Identity in CA certificate to accept for authentication

The application_credential_secret field is required if using an application credential to authenticate.

Password to use for SMTP authentication.

This option will ensure that team memberships for OpenID Connect users are dynamic and synchronized with membership of OpenID Connect groups or assigned roles

Disable client authentication, no client certificate will be required.

Send certificate request payloads to offer trusted root CA certificates to the peer

Secret key for authentication tokens

Key file for client cert authentication to the server.

Key file for client cert authentication to the server.

Certificate file for client cert authentication to the server.

Certificate file for client cert authentication to the server.

Identity under which the peer is registered at the mediation server, that is, the IKE identity the other end of this connection uses as its local identity on its connection to the mediation server

Key file for client cert authentication to the server.

Key file for client cert authentication to the server.

This option will ensure that team memberships for OpenID Connect users are dynamic and synchronized with membership of OpenID Connect groups or assigned roles

List of additional allowed URLs to pass by the CSRF check

Certificate file for client cert authentication to the server.

Certificate file for client cert authentication to the server.

Key file for client cert authentication to the server.

Key file for client cert authentication to the server.

Key file for client cert authentication to the server.

Key file for client cert authentication to the server.

Key file for client cert authentication to the server.

Certificate file for client cert authentication to the server.

Certificate file for client cert authentication to the server.

Certificate file for client cert authentication to the server.

Certificate file for client cert authentication to the server.

Certificate file for client cert authentication to the server.

Key file for client cert authentication to the server.

password for the Identity V2 and V3 APIs

Certificate file for client cert authentication to the server.

Key file for client cert authentication to the server.

Key file for client cert authentication to the server.

Key file for client cert authentication to the server.

Certificate file for client cert authentication to the server.

Certificate file for client cert authentication to the server.

Certificate file for client cert authentication to the server.

Key file for client cert authentication to the server.

List of allowed headers to be set by the user

Certificate file for client cert authentication to the server.

Key file for client cert authentication to the server.

Certificate file for client cert authentication to the server.

Key file for client cert authentication to the server.

Certificate file for client cert authentication to the server.

Key file for client cert authentication to the server.

Certificate file for client cert authentication to the server.