Users Overview
Heimdall currently provides a built-in user database that lets each user have their own authentication (password) and permitted login locations defined.
Further, if desired, a user can be configured as a read-only user and with Google Authenticator compatible two-factor authentication.
Required fields for each user include:
- Username: the login of the user or JDBC connection
- Password: The password of the user. Please avoid using “:” as it may impact authentication
- Hostname or IP address: One of
  - IPv4 IP address in the format defined here
  - IPv6 IP address in the format defined here
  - Subnet address defined with either an IPv4 or IPv6 network address plus “/” and the subnet size
  - A DNS hostname that resolves to one or more IPv4 or IPv6 addresses. If more than one is provided, then any resolved IP is allowed.
  - In the event no users are defined, then unrestricted access is allowed
  - If no hostnames or IPs are provided for a given user, then the user is provided unrestricted access from any network
- Two Factor Authentication: If enabled, a bar-code is presented that can be scanned into the Google Authenticator software, along with an account code that can be used in place of the bar-code. This ID is in addition to the normal password authentication the user will be required to provide.
- Filter: (Optional) specify the administrative filter to restrict what resources the user can create and/or have access to.
Internally, passwords are stored in the same way that OpenLDAP stores them by default, i.e. Salted SHA. For example: {SSHA}cca9bbffe6879f8367ab681952da2f995bf1668f
If the Read-only option is selected for a user, they will not be able to implement any changes to the configuration, but will be able to access any resources allowed by their filter.
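The "Hostname or IP address" rules above can be checked before they are relied on. The following is an added example, not Heimdall's own code: it evaluates a client address against one user's entries and lists users whose empty entry list leaves them reachable from any network. The function names, the injectable `resolver` parameter and the sample users are assumptions made for illustration, and Heimdall's internal matching may differ.

```python
import ipaddress
import socket

def system_resolver(hostname):
    """Resolve a hostname to all of its IPv4/IPv6 addresses (empty list on failure)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(hostname, None)]
    except socket.gaierror:
        return []

def source_allowed(client_ip, entries, resolver=system_resolver):
    """Return (allowed, reason) for client_ip against one user's location entries."""
    client = ipaddress.ip_address(client_ip)
    if not entries:
        # Documented behaviour: no entries means access from any network.
        return True, "unrestricted (no entries)"
    for entry in (e.strip() for e in entries):
        try:
            # Handles single addresses and "address/size" subnets, IPv4 or IPv6.
            network = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            network = None
        if network is not None:
            if client.version == network.version and client in network:
                return True, "matched " + entry
            continue
        # Anything else is treated as a DNS hostname; any resolved IP is allowed.
        for resolved in resolver(entry):
            if ipaddress.ip_address(resolved.split("%")[0]) == client:
                return True, "matched " + entry + " via DNS"
    return False, "no entry matched"

def unrestricted_users(users):
    """Audit helper: usernames whose empty entry list allows login from anywhere."""
    return sorted(name for name, entries in users.items() if not entries)

# Constructed sample data: documentation address ranges and a hypothetical hostname.
SAMPLE_USERS = {
    "admin": ["192.0.2.10", "198.51.100.0/24", "2001:db8::/32", "admin.example.test"],
    "report": [],
}

def fake_resolver(hostname):
    """Offline stand-in for DNS so the example runs without network access."""
    return {"admin.example.test": ["203.0.113.7", "2001:db8:1::7"]}.get(hostname, [])

if __name__ == "__main__":
    for ip in ("198.51.100.200", "203.0.113.7", "203.0.113.8"):
        print(ip, source_allowed(ip, SAMPLE_USERS["admin"], fake_resolver))
    print("unrestricted:", unrestricted_users(SAMPLE_USERS))
```

Because a hostname entry admits every address it resolves to, whoever controls that DNS record also controls the allow-list; fixed addresses or subnets avoid that dependency.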