Local user authentication#

This is the default authentication method used after a fresh installation of Bacularis. It uses a standard HTML login form on the web interface.

Security#

Usernames and password hashes are stored in an internal Bacularis user file. Password hashes are generated using the APR1-MD5 algorithm.

Multi-factor authentication (MFA)#

The following MFA options are supported:

  • TOTP 2FA – Time-based one-time passwords (e.g., Google Authenticator)

  • FIDO U2F – Hardware security keys (e.g., YubiKey)

Organization support#

Local users can belong to organizations or exist independently (outside any organization). All local usernames must be globally unique — across all organizations and standalone users. This means the same username cannot exist in two different organizations.

You can see it on the image below.

../../_images/bacularis_authentication_local_auth_method_organization.png

User provisioning#

Fully supported. Local user accounts can be automatically created and managed.

Settings form#

You can enable Local user authentication from:

[Main menu] => [Page: Security] => [Tab: Authentication] => [SubTab: Auth methods]

An example of the local login form is shown below:

../../_images/bacularis_authentication_local_user_auth_method.png