| services.code-server.auth | The type of authentication to use.
|
| programs.ente-auth.enable | Whether to enable Ente Auth.
|
| services.coturn.no-auth | This option is opposite to lt-cred-mech.
(TURN Server with no-auth option allows anonymous access)
|
| services.i2pd.proto.http.auth | Whether to enable webconsole authentication.
|
| programs.ente-auth.package | The ente-auth package to use.
|
| services.gns3-server.auth.user | Username used to access the GNS3 Server.
|
| services.tt-rss.auth.autoCreate | Allow authentication modules to auto-create users in tt-rss internal
database when authenticated successfully.
|
| services.tt-rss.auth.autoLogin | Automatically login user on remote or other kind of externally supplied
authentication, otherwise redirect to login form as normal
|
| services.gns3-server.auth.enable | Whether to enable password based HTTP authentication to access the GNS3 Server.
|
| services.yarr.authFilePath | Path to a file containing username:password. null means no authentication required to use the service.
|
| services.tor.settings.HidServAuth.*.auth | Authentication cookie.
|
| services.freeciv.settings.auth | Whether to enable server authentication.
|
| services.nipap.settings.auth.auth_cache_timeout | Seconds to store cached auth entries for.
|
| services.calibre-server.auth.mode | Choose the type of authentication used
|
| services.oauth2-proxy.setXauthrequest | Set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode)
|
| services.calibre-server.auth.enable | Password based authentication to access the server
|
| services.calibre-server.auth.userDb | Choose users database file to use for authentication
|
| services.freshrss.authType | Authentication type for FreshRSS.
|
| services.deluge.authFile | The file managing the authentication for deluge, the format of this
file is straightforward, each line contains a
username:password:level tuple in plaintext
|
| services.tailscale.authKeyFile | A file containing the auth key
|
| services.microsocks.authOnce | If true, once a specific ip address authed successfully with user/pass,
it is added to a whitelist and may use the proxy without auth.
|
| services._3proxy.services.*.auth | Authentication type
|
| services.diod.authRequired | Allow clients to connect without authentication, i.e. without a valid MUNGE credential.
|
| services.gns3-server.auth.passwordFile | A file containing the password to access the GNS3 Server.
This should be a string, not a nix path, since nix paths
are copied into the world-readable nix store.
|
| services.xserver.displayManager.xpra.auth | Authentication to use when connecting to xpra
|
| services.bitlbee.authBackend | How users are authenticated
storage -- save passwords internally
pam -- Linux PAM authentication
|
| services.hqplayerd.auth.password | Password used for HQPlayer's WebUI
|
| services.hqplayerd.auth.username | Username used for HQPlayer's WebUI
|
| services.geth.<name>.authrpc.port | Port number of Go Ethereum Auth RPC API.
|
| services.bitlbee.authMode | The following authentication modes are available:
Open -- Accept connections from anyone, use NickServ for user authentication
|
| services.coturn.static-auth-secret-file | Path to the file containing the static authentication secret.
|
| services.openvpn.servers.<name>.authUserPass | This option can be used to store the username / password credentials
with the "auth-user-pass" authentication method
|
| services.tailscale.authKeyParameters | Extra parameters to pass after the auth key
|
| services.geth.<name>.authrpc.enable | Whether to enable Go Ethereum Auth RPC API.
|
| services.coturn.use-auth-secret | TURN REST API flag
|
| services.tor.relay.onionServices.<name>.authorizeClient.authType | Either "basic" for a general-purpose authorization protocol
or "stealth" for a less scalable protocol
that also hides service activity from unauthorized clients.
|
| services.nipap.authBackendSettings | auth.backends options to set in /etc/nipap/nipap.conf.
|
| services.oauth2-proxy.passBasicAuth | Pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream.
|
| services.geth.<name>.authrpc.address | Listen address of Go Ethereum Auth RPC API.
|
| services.ceph.global.authClientRequired | Enables requiring the cluster to authenticate itself to the client.
|
| services.coturn.static-auth-secret | 'Static' authentication secret value (a string) for TURN REST API only
|
| services.firezone.server.provision.accounts.<name>.auth.<name>.adapter | The auth adapter type
|
| networking.wireless.networks.<name>.auth | Use this option to configure advanced authentication methods
like EAP
|
| services.ceph.global.authClusterRequired | Enables requiring daemons to authenticate with eachother in the cluster.
|
| services.simplesamlphp.<name>.authSources | Auth sources options used by SimpleSAMLphp.
|
| services.microsocks.authUsername | Optional username to use for authentication.
|
| services.ceph.global.authServiceRequired | Enables requiring clients to authenticate with the cluster to access services in the cluster (e.g. radosgw, mds or osd).
|
| services.nipap.settings.auth.default_backend | Name of auth backend to use by default.
|
| services.mosquitto.listeners.*.authPlugins.*.options | Options for the auth plugin
|
| services.microsocks.authPasswordFile | Path to a file containing the password for authentication.
|
| services.firezone.server.provision.accounts.<name>.auth | All authentication providers to provision
|
| services.oauth2-proxy.basicAuthPassword | The password to set when passing the HTTP Basic Auth header.
|
| services.firezone.server.provision.accounts.<name>.auth.<name>.name | The name of this authentication provider
|
| services.saslauthd.mechanism | Auth mechanism to use
|
| services.tailscale.authKeyParameters.preauthorized | Whether to skip manual device approval.
|
| services.openvpn.servers.<name>.authUserPass.username | The username to store inside the credentials file.
|
| services.openvpn.servers.<name>.authUserPass.password | The password to store inside the credentials file.
|
| services.oauth2-proxy.tls.key | Path to private key file.
|
| services.tailscale.authKeyParameters.baseURL | Base URL for the Tailscale API.
|
| services.oauth2-proxy.scope | OAuth scope specification.
|
| services.mosquitto.listeners.*.authPlugins | Authentication plugin to attach to this listener
|
| services.gitlab.pages.settings | Configuration options to set in the GitLab Pages config
file
|
| security.pam.dp9ik.authserver | This controls the hostname for the 9front authentication server
that users will be authenticated against.
|
| services.oauth2-proxy.enable | Whether to enable oauth2-proxy.
|
| services.oauth2-proxy.clientID | The OAuth Client ID.
|
| services.mosquitto.listeners.*.authPlugins.*.plugin | Plugin path to load, should be a .so file.
|
| security.pam.u2f.settings.authfile | By default pam-u2f module reads the keys from
$XDG_CONFIG_HOME/Yubico/u2f_keys (or
$HOME/.config/Yubico/u2f_keys if XDG variable is
not set)
|
| services.oauth2-proxy.tls.enable | Whether to serve over TLS.
|
| services.chisel-server.authfile | Path to auth.json file
|
| services.oauth2-proxy.github.org | Restrict logins to members of this organisation.
|
| services.geth.<name>.authrpc.vhosts | List of virtual hostnames from which to accept requests.
|
| services.oauth2-proxy.keyFile | oauth2-proxy allows passing sensitive configuration via environment variables
|
| services.oauth2-proxy.package | The oauth2-proxy package to use.
|
| networking.wireless.networks.<name>.authProtocols | The list of authentication protocols accepted by this network
|
| services.oauth2-proxy.oidcIssuerUrl | The OAuth issuer URL.
|
| services.oauth2-proxy.cookie.name | The name of the cookie that the oauth_proxy creates.
|
| services.oauth2-proxy.github.team | Restrict logins to members of this team.
|
| services.oauth2-proxy.nginx.proxy | The address of the reverse proxy endpoint for oauth2-proxy
|
| services.oauth2-proxy.profileURL | Profile access endpoint.
|
| services.tailscale.authKeyParameters.ephemeral | Whether to register as an ephemeral node.
|
| services.oauth2-proxy.loginURL | Authentication endpoint
|
| services.oauth2-proxy.proxyPrefix | The url root path that this proxy should be nested under.
|
| services.oauth2-proxy.extraConfig | Extra config to pass to oauth2-proxy.
|
| services.outline.oidcAuthentication.authUrl | OIDC authentication URL endpoint.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.auth | Authentication to expect from remote
|
| boot.initrd.network.ssh.authorizedKeys | Authorized keys for the root user on initrd
|
| services.oauth2-proxy.passHostHeader | Pass the request Host Header to upstream.
|
| services.oauth2-proxy.provider | OAuth provider.
|
| services.oauth2-proxy.cookie.httpOnly | Set HttpOnly cookie flag.
|
| services.mosquitto.listeners.*.authPlugins.*.denySpecialChars | Automatically disallow all clients using #
or + in their name/id.
|
| services.oauth2-proxy.clientSecret | The OAuth Client Secret.
|
| services.oauth2-proxy.azure.tenant | Go to a tenant-specific or common (tenant-independent) endpoint.
|
| services.saslauthd.config | Configuration to use for Cyrus SASL authentication daemon.
|
| services.oauth2-proxy.cookie.expire | Expire timeframe for cookie.
|
| services.saslauthd.enable | Whether to enable saslauthd, the Cyrus SASL authentication daemon.
|
| services.oauth2-proxy.redirectURL | The OAuth2 redirect URL.
|
| boot.initrd.network.ssh.authorizedKeyFiles | Authorized keys taken from files for the root user on initrd
|
| services.oauth2-proxy.redeemURL | Token redemption endpoint
|
| services.oauth2-proxy.cookie.secret | The seed string for secure cookies.
|
| services.oauth2-proxy.google.groups | Restrict logins to members of these Google groups.
|