b590848f7dc5152f64d5c08f4c19a3b715c831c3 — Fran├žois Kooman 1 year, 4 months ago cf20234
document local database user authentication
2 files changed, 63 insertions(+), 0 deletions(-)

A DB_AUTH.md => DB_AUTH.md +62 -0
@@ 0,0 1,62 @@
# Database Authentication

By default the VPN server has database authentication for user accounts. The 
accounts are stored in the local database.

If you did not set any (other) `authModule` in your 
`/etc/vpn-user-portal/config.php` file, this is what you have.

To configure other ways of user authentication, look 

## Configuration

There is nothing to configure.

## User Management

You can manage the users using the `vpn-user-portal-account` tool.

### Add User

To add the user `foo`, use the following:

$ sudo vpn-user-portal-account --add foo

You'll be asked to provide the password (twice). After that, the account will
be created. It is also possible to specify the password when creating the user:

$ sudo vpn-user-portal-account --add foo --password s3cr3t

### List Users

You can list the users:

$ sudo vpn-user-portal-account --list

**NOTE**: currently only users that were (ever) logged in will be visible here, 
see [#125](https://todo.sr.ht/~eduvpn/server/125).

### Delete User

You can delete a user, e.g. to delete the user `foo`:

$ sudo vpn-user-portal-account --delete foo

If you do not want to ask for confirmation before deleting the account, you can 
use the `--force` flag.

### Disable / Enable User

$ sudo vpn-user-portal-account --disable foo
$ sudo vpn-user-portal-account --enable foo

@@ 49,6 49,7 @@ SQLite. We documented this [separately](DATABASE.md).
We support various user authentication mechanisms. We document all of them 

* [Local User Database](DB_AUTH.md) (default)
* [LDAP](LDAP.md)
* [SAML](SAML.md)
  * [Shibboleth](SHIBBOLETH_SP.md)