From 7fcb83987b775532313f1b65c445d67eb06d5454 Mon Sep 17 00:00:00 2001 From: mbshields Date: Thu, 13 Jul 2023 14:36:47 -0700 Subject: [PATCH] docs: add note about bcrypt for htpasswd (#110) Signed-off-by: mbshields --- docs/articles/authn-authz.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/articles/authn-authz.md b/docs/articles/authn-authz.md index f28b72f..8fbff84 100644 --- a/docs/articles/authn-authz.md +++ b/docs/articles/authn-authz.md @@ -4,9 +4,9 @@ > > - Authentication > -> - TLS, including mTLS -> - Username/password or token-based user authentication -> - LDAP +> - TLS, including mTLS +> - Username/password or token-based user authentication +> - LDAP > - htpasswd > > - Authorization @@ -152,6 +152,8 @@ configuration file, as shown in the following example. $ htpasswd -bBn >> /etc/zot/htpasswd + :pencil2: For strong security, make sure to use the -B option, specifying the bcrypt hashing algorithm. This is the only algorithm supported by zot for `htpasswd`. + 2. Enable `htpasswd` authentication and configure the path to the `htpasswd` authentication in the zot configuration file.