@node Passwords
@unnumbered Password authentication

Password authentication is required for packages uploading. Passwords
are dynamically changed through the FIFO file. You have to create it and
use in @option{-passwd} option. Optionally, to list currently present
logins use another FIFO and @option{-passwd-list} option:

@example
$ mkfifo passwd passwd-list
$ gocheese -passwd passwd -passwd-list passwd-list ...
@end example

Then you must feed it newline-separated records in following format:

@example
username:hashed-password[:ro]
@end example

Where @code{hashed-password} is in one of following algorithms:

@table @asis

@item @url{https://www.argon2i.com/, Argon2i} (recommended one!)
    To get Argon2i hashed-password you can use any of following tools:

    @itemize
    @item @code{go install @url{https://github.com/balakhonova/argon2i,
        github.com/balakhonova/argon2i@@latest}} (Go)
    @item @url{https://github.com/p-h-c/phc-winner-argon2} (C)
    @end itemize

    Example user @code{foo} with password @code{bar} can have the
    following password file entry:

@verbatim
foo:$argon2i$v=19$m=32768,t=3,p=4$OGU5MTM3YjVlYzQwZjhkZA$rVn53v6Ckpf7WH0676ZQLr9Hbm6VH3YnL6I9ONJcIIU
@end verbatim

@item SHA256
    You can use your operating system tools:

@example
$ echo -n "password" | `command -v sha256 || echo sha256sum`
@end example

    Example user @code{foo} with password @code{bar} will have the
    following password file entry:

@verbatim
foo:$sha256$fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9
@end verbatim

@end table

Optional @code{:ro} flag forbids user to upload packages, but allows
read-only access if @option{-auth-required} is enabled.

To add or update password entry:

@example
$ echo foo:$sha256$... > passwd
$ cat passwords.txt > passwd
@end example

To delete login entry use empty password:

@example
$ echo foo: > passwd
@end example

You can also check you passwords file with:

@example
$ gocheese -passwd-check < passwords.txt
$ echo $?
@end example