Configuration - Authentication
PDNS Manager features a plugin system to support different authentication
sources. It allows multiple sources to be active at the same time.
The distinction between the sources is done by prefixing the username.
So, for example, the username "foo" will use the default source, while
"ldap/foo" will use the source with prefix "ldap". Only the username
part will be passed to the plugin.
An example of the authentication configuration could be:
    return [
        ...
        'authentication' => [
            'native' => [
                'plugin' => 'native',
                'prefix' => 'default',
                'config' => null
            ],
            'foo' => [
                'plugin' => 'config',
                'prefix' => 'bar',
                'config' => [
                    'peter' => '$2y$10$twlIJ0hYeaHqMsiM7OdLr.4HkV6/EEQneDg9uZiU.l7yn1bpxSD1.'
                ]
            ]
        ]
        ...
    ];
The key in the array (called the source identifier) must identify an
authentication source uniquely. It must not change for a given
authentication source, otherwise all permissions for those users
will be lost. "native" is the reserved identifier for PDNS Manager's
internal authentication added by the setup assistant.
The value has three properties:
plugin
    The name of the authentication plugin to use (see the rest of the
    page for available options).
prefix
    The prefix used to choose the source. If no prefix is provided,
    "default" will be used. This can be used to allow users to log in
    without providing a prefix, if they use some sort of default
    authentication source. This setting can be changed at any time.
config
    This can contain plugin-specific configuration data. What it should
    contain for a specific plugin is described below.
native Plugin
This plugin uses the users stored directly in PDNS Manager's database. They can be added and changed by administrators on the instance.
The source identifier for usage with this plugin must be "native".
The prefix can be chosen arbitrarily.
No additional configuration data is required.
Example
    return [
        ...
        'authentication' => [
            'native' => [
                'plugin' => 'native',
                'prefix' => 'default',
                'config' => null
            ]
        ]
        ...
    ];
config Plugin
This plugin uses the users given directly in the config file. It is mainly for testing purposes.
The config field should be an associative array mapping usernames
to PHP password hashes obtained from PHP's password_hash() function.
Example
    return [
        ...
        'authentication' => [
            'foo' => [
                'plugin' => 'config',
                'prefix' => 'default',
                'config' => [
                    'peter' => '$2y$10$twlIJ0hYeaHqMsiM7OdLr.4HkV6/EEQneDg9uZiU.l7yn1bpxSD1.'
                ]
            ]
        ]
        ...
    ];
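The prefix routing described at the top of this page and the config plugin's hash map, shown together as an added example in PHP (not PDNS Manager's own code). The function names, the split at the first slash and the demo password are assumptions made for illustration.

```php
<?php
// Added example, not PDNS Manager's code. The configuration follows the
// page's format; the user's password is constructed for this demo.
$authentication = [
    'foo' => [
        'plugin' => 'config',
        'prefix' => 'default',
        'config' => ['peter' => password_hash('constructed-demo-password', PASSWORD_DEFAULT)],
    ],
];

// Split "prefix/username"; a name without a slash selects the "default" prefix.
// Assumption: the split happens at the first slash.
function splitLogin(string $login): array
{
    $parts = explode('/', $login, 2);
    return count($parts) === 2 ? $parts : ['default', $parts[0]];
}

// Return the source identifier (array key) whose prefix matches, or null.
function findSource(array $authentication, string $prefix): ?string
{
    foreach ($authentication as $id => $source) {
        if ($source['prefix'] === $prefix) {
            return $id;
        }
    }
    return null;
}

// Check a login against a 'config' plugin source; returns the source id or null.
function authenticate(array $authentication, string $login, string $password): ?string
{
    [$prefix, $username] = splitLogin($login);
    $id = findSource($authentication, $prefix);
    if ($id === null || $authentication[$id]['plugin'] !== 'config') {
        return null;
    }
    $users = $authentication[$id]['config'];
    // Unknown users are verified against a dummy hash so that both the
    // known-user and unknown-user paths perform one hash computation.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($password, $users[$username] ?? $dummy);
    return ($ok && isset($users[$username])) ? $id : null;
}

var_dump(authenticate($authentication, 'peter', 'constructed-demo-password'));
var_dump(authenticate($authentication, 'peter', 'wrong-password'));
var_dump(authenticate($authentication, 'ldap/peter', 'constructed-demo-password'));
```

Only the first call returns the source identifier: the second fails password verification, and the third names a prefix that no configured source uses.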