Local user authentication#
This is the default authentication method used after a fresh installation of Bacularis. It uses a standard HTML login form on the web interface.
Security#
Usernames and password hashes are stored in an internal Bacularis user file. Password hashes are generated using the APR1-MD5 algorithm.
Multi-factor authentication (MFA)#
The following MFA options are supported:
TOTP 2FA – Time-based one-time passwords (e.g., Google Authenticator)
FIDO U2F – Hardware security keys (e.g., YubiKey)
Organization support#
Local users can belong to organizations or exist independently (outside any organization). All local usernames must be globally unique — across all organizations and standalone users. This means the same username cannot exist in two different organizations.
You can see it on the image below.

User provisioning#
Fully supported. Local user accounts can be automatically created and managed.
Settings form#
You can enable Local user authentication from:
[Main menu] => [Page: Security] => [Tab: Authentication] => [SubTab: Auth methods]
An example of the local login form is shown below:
