open-vault/website/content/docs/auth/userpass.mdx
Niranjan Shrestha adbfffc47b
Update userpass.mdx (#20121)
* Update userpass.mdx

vault write auth/userpass/users/mitchellh password=foo policies=admins
in the path "userpass" is actually a path, if custom path is defined, custom path need to used, instead of userpass.

* Add extra description

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-04-17 16:52:13 +00:00

95 lines
2.2 KiB
Plaintext

---
layout: docs
page_title: Userpass - Auth Methods
description: >-
The "userpass" auth method allows users to authenticate with Vault using a
username and password.
---
# Userpass Auth Method
The `userpass` auth method allows users to authenticate with Vault using
a username and password combination.
The username/password combinations are configured directly to the auth
method using the `users/` path. This method cannot read usernames and
passwords from an external source.
The method lowercases all submitted usernames, e.g. `Mary` and `mary` are the
same entry.
## Authentication
### Via the CLI
```shell-session
$ vault login -method=userpass \
username=mitchellh \
password=foo
```
### Via the API
```shell-session
$ curl \
--request POST \
--data '{"password": "foo"}' \
http://127.0.0.1:8200/v1/auth/userpass/login/mitchellh
```
The response will contain the token at `auth.client_token`:
```json
{
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": null,
"auth": {
"client_token": "c4f280f6-fdb2-18eb-89d3-589e2e834cdb",
"policies": ["admins"],
"metadata": {
"username": "mitchellh"
},
"lease_duration": 0,
"renewable": false
}
}
```
## Configuration
Auth methods must be configured in advance before users or machines can
authenticate. These steps are usually completed by an operator or configuration
management tool.
1. Enable the userpass auth method:
```shell-session
$ vault auth enable userpass
```
This enables the userpass auth method at `auth/userpass`. To enable it at a different path, use the `-path` flag:
```shell-session
$ vault auth enable -path=<path> userpass
```
1. Configure it with users that are allowed to authenticate:
```shell-session
$ vault write auth/<userpass:path>/users/mitchellh \
password=foo \
policies=admins
```
This creates a new user "mitchellh" with the password "foo" that will be
associated with the "admins" policy. This is the only configuration
necessary.
## API
The Userpass auth method has a full HTTP API. Please see the [Userpass auth
method API](/vault/api-docs/auth/userpass) for more details.