Local user authentication#

This is the default authentication method used after fresh installation of Bacularis. This method uses an HTML form on the login screen to authenticate.

Security#

To store user names and the password hashes this method uses an internal Bacularis user file. Password hashes are calculated using APR1-MD5 hash algorithm.

Multi-factor authentication#

There are supported the following Bacularis MFA methods:

TOTP 2FA - this is time-based one time password method.

FIDO U2F - this is method that uses the hardware U2F security keys.

Organization support#

Local users can belong to organizations or not.

The username (login) has to be unique in all organizations with local users and for users without organization. Local users share the same namespace. This means that there is not possible to have the same user name in two different organizations. You can see it on the image below.

../../_images/bacularis_authentication_local_auth_method_organization.png

User provisioning#

This method fully supports the user provisioning.

Settings form#

The local user auth method you can enable on this page:

[Main menu] => [Page: Security] => [Tab: Authentication] => [SubTab: Auth methods]

Here you can see the local user authentication form:

../../_images/bacularis_authentication_local_user_auth_method.png

Local user authentication

Contents