| services.outline.logo | Custom logo displayed on the authentication screen
|
| services.plantuml-server.httpAuthorization | When calling the proxy endpoint, the value of HTTP_AUTHORIZATION will be used to set the HTTP Authorization header.
|
| networking.openconnect.interfaces.<name>.passwordFile | File containing the password to authenticate with
|
| services.ttyd.username | Username for basic http authentication.
|
| users.mysql.pam.logging.enable | Enables logging of authentication attempts in the MySQL database.
|
| services.usbguard.restoreControllerDeviceState | The USBGuard daemon modifies some attributes of controller
devices like the default authorization state of new child device
instances
|
| services.prometheus.exporters.fritz.settings.devices.*.username | Username to authenticate with the target device.
|
| services.prometheus.remoteRead.*.bearer_token | Sets the Authorization header on every remote read request with
the configured bearer token
|
| services.openssh.banner | Message to display to the remote user before authentication is allowed.
|
| services.outline.smtp | To support sending outgoing transactional emails such as
"document updated" or "you've been invited" you'll need to provide
authentication for an SMTP server.
|
| services.prometheus.remoteWrite.*.bearer_token | Sets the Authorization header on every remote write request with
the configured bearer token
|
| networking.openconnect.interfaces.<name>.certificate | Certificate to authenticate with.
|
| services.erigon.secretJwtPath | Path to the secret jwt used for the http api authentication.
|
| services.factorio.token | Authentication token
|
| services.netbox.enableLdap | Enable LDAP-Authentication for Netbox
|
| services.chrony.enableNTS | Whether to enable Network Time Security authentication
|
| services.prometheus.scrapeConfigs.*.bearer_token | Sets the Authorization header on every scrape request with
the configured bearer token
|
| users.mysql.pam.logging.pidColumn | The name of the column in the log table to which the pid of the
process utilising the pam_mysql authentication
service is stored.
|
| services.graylog.elasticsearchHosts | List of valid URIs of the http ports of your elastic nodes
|
| services.coturn.secure-stun | Require authentication of the STUN Binding request
|
| services.opendkim.enable | Whether to enable OpenDKIM sender authentication system.
|
| services.mongodb.enableAuth | Enable client authentication
|
| services.gitea.metricsTokenFile | Path to a file containing the metrics authentication token.
|
| services.iperf3.rsaPrivateKey | Path to the RSA private key (not password-protected) used to decrypt authentication credentials from the client.
|
| security.shadow.enable | Enable the shadow authentication suite, which provides critical programs such as su, login, passwd
|
| services.tt-rss.email.password | SMTP authentication password used when sending outgoing mail.
|
| security.duosec.groups | If specified, Duo authentication is required only for users
whose primary group or supplementary group list matches one
of the space-separated pattern lists
|
| services.netbox.ldapConfigPath | Path to the Configuration-File for LDAP-Authentication, will be loaded as ldap_config.py
|
| services.nsd.keys.<name>.algorithm | Authentication algorithm for this key.
|
| services.portunus.enable | Whether to enable Portunus, a self-contained user/group management and authentication service for LDAP.
|
| services.ttyd.passwordFile | File containing the password to use for basic http authentication
|
| services.gitea.database.socket | Path to the unix socket file to use for authentication.
|
| security.pam.u2f.control | This option sets pam "control"
|
| security.duosec.failmode | On service or configuration errors that prevent Duo
authentication, fail "safe" (allow access) or "secure" (deny
access)
|
| security.pam.p11.control | This option sets pam "control"
|
| services.openssh.settings.UsePAM | Whether to enable PAM authentication.
|
| services.lavalink.password | The password for Lavalink's authentication in plain text.
|
| services.ncps.cache.redis.username | Redis username for authentication (for Redis ACL).
|
| services.ncps.cache.redis.password | Redis password for authentication (for Redis ACL).
|
| security.pam.ussh.control | This option sets pam "control"
|
| services.prometheus.exporters.fritz.settings.devices.*.password_file | Path to a file which contains the password to authenticate with the target device
|
| services.misskey.settings.db.user | The user used for database authentication.
|
| services.misskey.settings.db.pass | The password used for database authentication.
|
| services.podgrab.passwordFile | The path to a file containing the PASSWORD environment variable
definition for Podgrab's authentication.
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.password | Credentials are used to authenticate the requests to Uyuni API.
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.username | Credentials are used to authenticate the requests to Uyuni API.
|
| programs.ssh.pubkeyAcceptedKeyTypes | Specifies the key lib.types that will be used for public key authentication.
|
| services.moodle.database.socket | Path to the unix socket file to use for authentication.
|
| services.dovecot2.showPAMFailure | Whether to enable showing the PAM failure message on authentication error (useful for OTPW).
|
| services.grafana.settings.smtp.user | User used for authentication.
|
| services.kapacitor.alerta.token | Default Alerta authentication token
|
| services.slurm.server.enable | Whether to enable the slurm control daemon
|
| services.prosody.s2sSecureAuth | Force certificate authentication for server-to-server connections?
This provides ideal security, but requires servers you communicate
with to support encryption AND present valid, trusted certificates
|
| services.zabbixWeb.database.socket | Path to the unix socket file to use for authentication.
|
| services.boinc.allowRemoteGuiRpc | If set to true, any remote host can connect to and control this BOINC
client (subject to password authentication)
|
| services.ncps.cache.redis.passwordFile | File containing the redis password for authentication (for Redis ACL).
|
| services.magnetico.web.credentials | The credentials to access the web interface, in case authentication is
enabled, in the format username:hash
|
| security.pam.yubico.control | This option sets pam "control"
|
| services.peering-manager.enableOidc | Enable OIDC-Authentication for Peering Manager
|
| services.forgejo.database.socket | Path to the unix socket file to use for authentication.
|
| services.redmine.database.socket | Path to the unix socket file to use for authentication.
|
| services.peering-manager.enableLdap | Enable LDAP-Authentication for Peering Manager
|
| programs.i3lock.u2fSupport | Whether to enable U2F support in the i3lock program
|
| services.neo4j.ssl.policies.<name>.clientAuth | The client authentication stance for this policy.
|
| services.librenms.settings | Attrset of the LibreNMS configuration
|
| services.zabbixProxy.database.socket | Path to the unix socket file to use for authentication.
|
| services.prometheus.remoteRead.*.bearer_token_file | Sets the Authorization header on every remote read request with the bearer token
read from the configured file
|
| services.cassandra.remoteJmx | Cassandra ships with JMX accessible only from localhost
|
| services.rspamd-trainer.settings | IMAP authentication configuration for rspamd-trainer
|
| services.prometheus.remoteWrite.*.bearer_token_file | Sets the Authorization header on every remote write request with the bearer token
read from the configured file
|
| services.kimai.sites.<name>.database.socket | Path to the unix socket file to use for authentication.
|
| services.gotenberg.enableBasicAuth | HTTP Basic Authentication
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.id | IKE identity to use for authentication round
|
| security.pam.services.<name>.logFailures | Whether to log authentication failures in /var/log/faillog.
|
| security.pam.services.<name>.forwardXAuth | Whether X authentication keys should be passed from the
calling user to the target user (e.g. for
su)
|
| services.zabbixServer.database.socket | Path to the unix socket file to use for authentication.
|
| services.peering-manager.oidcConfigPath | Path to the Configuration-File for OIDC-Authentication, will be loaded as oidc_config.py
|
| security.duosec.autopush | If true, Duo Unix will automatically send
a push login request to the user’s phone, falling back on a
phone call if push is unavailable
|
| services.movim.database.createLocally | local database using UNIX socket authentication
|
| services.peering-manager.ldapConfigPath | Path to the Configuration-File for LDAP-Authentication, will be loaded as ldap_config.py
|
| services.prometheus.scrapeConfigs.*.bearer_token_file | Sets the Authorization header on every scrape request with
the bearer token read from the configured file
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.id | IKE identity to expect for authentication round
|
| services.drupal.sites.<name>.database.socket | Path to the unix socket file to use for authentication.
|
| services.fwupd.extraTrustedKeys | Installing a public key allows firmware signed with a matching private key to be recognized as trusted, which may require less authentication to install than for untrusted files
|
| services.linux-enable-ir-emitter.enable | Whether to enable IR emitter hardware
|
| services.gitlab-runner.services.<name>.tagList | Tag list
|
| services.pixelfed.redis.createLocally | Whether to enable a local Redis database using UNIX socket authentication.
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_id | The application_credential_id or application_credential_name fields are
required if using an application credential to authenticate
|
| services.mediawiki.database.socket | Path to the unix socket file to use for authentication.
|
| services.anuko-time-tracker.settings.email.smtpAuth | MTA requires authentication.
|
| services.anuko-time-tracker.settings.email.smtpUser | MTA authentication username.
|
| services.onlyoffice.postgresUser | The username OnlyOffice should use to connect to Postgresql
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.certs | List of certificate candidates to use for
authentication
|
| services.openafsServer.enable | Whether to enable the OpenAFS server
|
| services.keycloak.database.host | Hostname of the database to connect to
|
| services.kubernetes.kubelet.clientCaFile | Kubernetes apiserver CA file for client authentication.
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_name | The application_credential_id or application_credential_name fields are
required if using an application credential to authenticate
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.pubkeys | List of raw public key candidates to use for
authentication
|
| services.strongswan-swanctl.swanctl.connections.<name>.send_cert | Send certificate payloads when using certificate authentication.
- With the default of
ifasked the daemon sends
certificate payloads only if certificate requests have been received.
never disables sending of certificate payloads
altogether,always causes certificate payloads to be sent
unconditionally whenever certificate authentication is used
|
| services.limesurvey.database.socket | Path to the unix socket file to use for authentication.
|