
Authentication
**************


Defining Authentication Plugin
==============================

The default authentication plugin uses a JSON schema in etcd to lookup
users. To change to another plugin use the "--authentication-plugin"
switch. If the plugin has required configuration options you may also
need to use the "--authentication-plugin-kwargs".

   $ commissaire [...] \
   --authentication-plugin commissaire.authentication.httpauthbyfile
   --authentication-plugin-kwargs "filepath=/path/to/users.json"


Modifying Users
===============

By default commissaire will look at Etcd for user/hash combinations
under the "/commissaire/config/httpbasicauthbyuserlist" key.

commissaire can also use a local file for authentication using the
same JSON schema.

   {
       "username(string)": {
           "hash": "bcrypthash(string)"
       }...
   }


Generating a hash
-----------------

commctl has a built-in command for creating bcrypt hashes.

Note: **commctl** can be found in the commctl python package

   $ commctl create passhash
   Password:
   $2b$12$rq/RN.Y1WD0ZyKPpLJkFVOv3XdLxW5thJ3OEaRgaMMFCgzLzHjiJG
   $


Example
-------

   {
       "a": {
           "hash": "$2a$12$SQPstqN3Ci95hYZ4u/syluTx8M5wSVwfhcC.iiawjoVck7Qyh43Ni"
       }
   }


Using Etcd
==========

To put the configuration in Etcd set the
"/commissaire/config/httpbasicauthbyuserlist" key with valid JSON.

   (virtualenv)$ cat conf/users.json | etcdctl set '/commissaire/config/httpbasicauthbyuserlist'
   ...
