doc/passwords.texi

   1 @node Passwords
   2 @unnumbered Password authentication
   3
   4 Password authentication is required for packages uploading.
   5 You have to store your authentication data in @option{-passwd} file in
   6 following format:
   7
   8 @example
   9 username:hashed-password
  10 @end example
  11
  12 Empty lines and having @verb{|#|} at the beginning are skipped.
  13
  14 Supported hashing algorithms are:
  15
  16 @table @asis
  17
  18 @item @url{https://www.argon2i.com/, Argon2i} (recommended one!)
  19     To get Argon2i hashed-password you can use any of following tools:
  20     @itemize
  21     @item go get @url{https://github.com/balakhonova/argon2i,
  22         github.com/balakhonova/argon2i} (Go)
  23     @item @url{https://github.com/p-h-c/phc-winner-argon2} (C)
  24     @end itemize
  25     Example user @code{foo} with password @code{bar} can have the
  26     following password file entry:
  27
  28 @verbatim
  29 foo:$argon2i$v=19$m=32768,t=3,p=4$OGU5MTM3YjVlYzQwZjhkZA$rVn53v6Ckpf7WH0676ZQLr9Hbm6VH3YnL6I9ONJcIIU
  30 @end verbatim
  31
  32 @item SHA256
  33     You can use your operating system tools:
  34
  35 @example
  36 # BSD-based systems:
  37 $ echo -n "password" | sha256
  38
  39 # GNU/Linux-based systems
  40 $ echo -n "password" | sha256sum
  41 @end example
  42
  43     Example user @code{foo} with password @code{bar} will have the
  44     following password file entry:
  45
  46 @verbatim
  47 foo:$sha256$fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9
  48 @end verbatim
  49
  50 @end table
  51
  52 You can refresh passwords by sending @code{SIGHUP} signal to the working daemon:
  53
  54 @example
  55 $ pkill -HUP gocheese
  56 $ kill -HUP `pidof gocheese`
  57 $ svc -h /var/service/gocheese
  58 @end example
  59
  60 Before refreshing it's recommended to check @option{-passwd} file with
  61 @option{-passwd-check} option to prevent daemon failure.