Using the Internal Flat-File Authentication Service

The FTL flat-file authentication service provides authentication functionality for the FTL server, reading user name and password data from a flat file. It runs inside the FTL server.

1. Configure the flat file with user name and password data.

   Passwords must be clear text, not obfuscated nor checksummed. Ensure that the flat file is secure.

   Note: Syntax Summary

   • Each line defines one user.
   • Each line must specify a user name and password, and may also specify optional authorization roles or groups.
   • Delimit the user name with a required colon.
   • You may add optional space characters after the colon. The password begins with the first non-whitespace character after the colon.
   • Delimit the password with a comma-space pair. If a line contains more than one comma-space pair, the rightmost pair delimits the password. Earlier pairs become part of the password, as do individual comma and space characters.
   • Hashed passwords are allowed.
   • Separate authorization roles or groups with a comma only (spaces are not valid).

   For example:

   admin: my_admin_pw, ftl,ftl-admin
   ftl_svr: my_ftl_svr_pw, ftl-internal,ftl-admin,ftl,auth
   app_user_1:my_pw, ftl
   app_user_2:     her_pw, ftl
   app_user_3:  my pw, more pw,,   and still more pw , role-1,ftl

   In the last example, the boldface type illustrates a complicated password containing spaces, commas, and even comma-space pairs.
2. Configure the FTL server.
   Supply the configuration parameter auth.url to specify the URL of the flat file. For example:

   globals:
       # ...
       auth.url: file:///myAuthDir/users.txt

3. Start the FTL server.