The server decides what access a client should have based on the username and password provided. For access to be granted, these credentials must be validated against one of the three user classes described below.
When servedat is run in QuickStart mode (command line, no options, unprivileged), it defaults to allowing Anonymous Users restricted to the current folder. No username or password is required or permitted in QuickStart mode.
See the Adding Users section for step-by-step instructions on setting up users for each of the following classes.
When servedat is run with sufficient privileges, it can access the host operating system's authentication databases. This may include PAM, Active Directory, passwd, LDAP, NIS, or any other sources tied to operating system logon mechanisms. If the server host is a network client, servedat will inherit access to the remote authentication databases as well. Operations performed using system logons will inherit whatever privileges and limitations are assigned by the operating system.
The preferred method to enable SysAuth is to set "SysAuth 1" in a configuration file, or specify "-S" on the command line.
SysAuth will be turned on by default if servedat is run as root or as a Windows service, and no AuthFile is specified.
See the SysAuth section for more details about System Authentication.
You can create private user accounts, usable only by ExpeDat and SyncDat and independent of the operating system's logon databases, by installing an AuthFile.
An AuthFile is a flat text file with one line per username that lets you set the password, home directory, and access restrictions for that user. On Unix systems you can set user and group IDs to govern each user's access.
AuthFile usernames take priority over SysAuth usernames: if a username exists in both databases, the AuthFile record controls access.
See the AuthFile section for more details about the Authentication File.
AuthFile records can be used to shadow existing SysAuth records by specifying a single asterisk (*) in the password field. The system logon databases will be used to authenticate the password and retrieve defaults for other fields.
Shadow Authentication can be used to limit the access rights of system users on an individual basis, and to restrict access to only approved system users. See the Shadow Authentication section for details.
When no username is supplied from the client, the transaction is considered "anonymous". In QuickStart mode with no other authentication enabled, anonymous users will be accepted by default and given restricted access to the Default Home. If SysAuth or AuthFile is enabled (either explicitly or by default), then anonymous users will be allowed only if the username "ANONYMOUS" can be found in either of those locations.
When running in QuickStart mode, the server will reject transactions which include a username or password. This is done to make it clear that the server is running in an unsecured test mode.
The preferred method for enabling anonymous access is to specify an AuthFile and create a record for the username "ANONYMOUS". The included svpasswd.txt example file shows such a record. You only need to remove the leading "#" character to use it.
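The lookup order described above (AuthFile before SysAuth, the "*" shadow marker, and the rules for anonymous clients) can be checked against a planned user set with the following added example. It is a model written for this page, not servedat code. The dict and set inputs are assumptions standing in for the AuthFile and the system logon database, and QuickStart is modelled simply as "no AuthFile and SysAuth off".

```python
# Added example: a model of the lookup order described on this page.
# It is not servedat code. A dict stands in for the AuthFile and a set for
# the system logon database; the real AuthFile line format is not modelled.

def resolve(username, authfile=None, sys_users=None, sysauth=False):
    """Return which source decides access for `username` (None = no username sent).

    authfile  : dict username -> password field, or None if no AuthFile is set
    sys_users : set of usernames known to the operating system (assumption)
    sysauth   : True when SysAuth is enabled
    """
    sys_users = sys_users or set()
    quickstart = authfile is None and not sysauth

    if quickstart:
        # QuickStart: anonymous only; any supplied username is rejected.
        return "anonymous (QuickStart)" if username is None else "rejected"

    # With authentication enabled, anonymous clients need an "ANONYMOUS" record.
    name = "ANONYMOUS" if username is None else username

    # AuthFile records take priority over SysAuth records.
    if authfile is not None and name in authfile:
        if authfile[name] == "*":
            return "shadow"  # password checked by system logon, limits from AuthFile
        return "authfile"
    if sysauth and name in sys_users:
        return "sysauth"
    return "rejected"


def audit(authfile, sys_users, sysauth):
    """Map every known username (plus the anonymous case, key None) to its source."""
    names = set(authfile or {}) | (set(sys_users) if sysauth else set())
    report = {n: resolve(n, authfile, sys_users, sysauth) for n in sorted(names)}
    report[None] = resolve(None, authfile, sys_users, sysauth)
    return report
```

Running `audit` over the intended AuthFile entries and the host's account list shows which system users remain reachable through SysAuth without a shadow record, and whether anonymous access is open.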