Using the Internal Flat-File Authentication Service

The FTL flat-file authentication service provides authentication functionality for the realm server, reading user name and password data from a flat file. It runs inside the realm server.

1. Configure the flat file with user name and password data.

   Passwords must be clear text, not obfuscated nor checksummed. Ensure that the flat file is secure.

   Note: Syntax Summary

   • Each line defines one user.
   • Each line must specify a user name and password, and may also specifiy optional roles.
   • Delimit the user name with a required colon.
   • You may add optional space characters after the colon. The password begins with the first non-whitespace character after the colon.
   • Delimit the password with a comma-space pair. If a line contains more than one comma-space pair, the rightmost pair delimits the password. Earlier pairs become part of the password, as do individual comma and space characters.
   • Separate roles with a comma only (spaces are not valid).

   For example:

   admin: my_admin_pw, ftl,ftl-admin
   rs: my_rs_pw, ftl-primary,ftl-satellite,ftl-backup,ftl-admin,ftl,auth
   app_user_1:my_pw, ftl
   app_user_2:     her_pw, ftl
   app_user_3:  my pw, more pw,,   and still more pw , role-1,ftl

   In the last example, the boldface type illustrates a complicated password containing spaces, commas, and even comma-space pairs.
2. Start the realm server.

   Supply the command line parameter --auth.url to specify the URL of the flat file. For example, --auth.url file://myAuthDir/users.txt.