Users Overview

Heimdall currently provides a built-in user database that allows each user to have their own authentication (password) and permitted login locations defined.

Further, if desired, a user can be configured as a read-only user and can be required to use Google Authenticator compatible two-factor authentication.

Required fields for each user include:

  • Username: the login of the user or JDBC connection
  • Password: The password of the user. Please avoid using “:” as it may impact authentication
  • Hostname or IP address: One of

    • IPv4 IP address in the format defined here
    • IPv6 IP address in the format defined here
    • Subnet address defined with either an IPv4 or IPv6 network address plus “/” and the subnet size
    • A DNS hostname that resolves to one or more IPv4 or IPv6 addresses. If more than one is provided, then any resolved IP is allowed.
    • In the event no users are defined, then unrestricted access is allowed
    • If no hostnames or IPs are provided for a given user, then the user is provided unrestricted access from any network
  • Two Factor Authentication: If enabled, it will present a bar code that can be scanned into the Google Authenticator software, and an account code, which can be used in place of the bar code. This ID is in addition to the normal password authentication the user will be required to provide.

  • Filter: (Optional) specify the administrative filter to restrict what resources the user can create and/or have access to.
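
The "Hostname or IP address" rules above, sketched as an added example (this is not Heimdall's code): it checks a source address against a user's location entries and lists users left reachable from any network. The function names, sample users and addresses are hypothetical, and resolving hostnames at check time is an assumption.

```python
import ipaddress
import socket


def resolve(hostname):
    """Resolve a DNS name to the set of IPv4/IPv6 addresses it maps to."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return set()
    return {ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos}


def login_allowed(source_ip, entries, resolver=resolve):
    """True if source_ip matches any location entry; an empty list is unrestricted."""
    if not entries:
        return True
    src = ipaddress.ip_address(source_ip)
    for entry in entries:
        try:
            # Covers single addresses (treated as /32 or /128) and subnets.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # Not an address or subnet: treat as a hostname; any resolved IP matches.
            if src in resolver(entry):
                return True
            continue
        if src.version == net.version and src in net:
            return True
    return False


def unrestricted_users(users):
    """Audit helper: names of users with no location entries (any network)."""
    return sorted(name for name, entries in users.items() if not entries)


# Constructed sample data: documentation address ranges, hypothetical user names,
# and an offline stand-in for DNS so the example runs without a network.
SAMPLE_USERS = {
    "admin": ["192.0.2.10", "2001:db8::/32"],
    "report": ["db-client.example.com"],
    "legacy": [],
}
FAKE_DNS = {"db-client.example.com": {ipaddress.ip_address("198.51.100.7")}}


def fake_resolver(host):
    return FAKE_DNS.get(host, set())
```

Running `unrestricted_users` over an exported user list is a quick way to find accounts that rely on the password alone.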

Internally, passwords are stored in the same way that OpenLDAP stores them by default, i.e. Salted SHA. For example: {SSHA}cca9bbffe6879f8367ab681952da2f995bf1668f

If the Read-only option is selected for a user, they will not be able to make any changes to the configuration, but will be able to access any resources allowed by their filter.