Skip to content

Commit

Permalink
Added docs for command line auth provider (home-assistant#8321)
Browse files Browse the repository at this point in the history
* Added docs for command line auth provider

Regards home-assistant/core#19985

* Added reference to a compatible script for LDAP authentication

* Added note about stderr with command_line auth provider

* Added note about stripping usernames

* Note that usernames are stripped with command_line auth provider
  • Loading branch information
Robert Schindler authored and balloob committed Feb 7, 2019
1 parent fc60dee commit 47ce52f
Showing 1 changed file with 39 additions and 0 deletions.
39 changes: 39 additions & 0 deletions source/_docs/authentication/providers.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,45 @@ http:
- fd00::/8
```

### {% linkable_title Command Line %}

The Command Line auth provider executes a configurable shell command to perform user authentication. Two environment variables, `username` and `password`, are passed to the command. Access is granted when the command exits successfully (with exit code 0).

This provider can be used to integrate Home Assistant with arbitrary external authentication services, from plaintext databases over LDAP to RADIUS. A compatible script for LDAP authentication is [this one](https://github.com/efficiosoft/ldap-auth-sh), for instance.

Here is a configuration example:

```yaml
homeassistant:
auth_providers:
- type: command_line
command: /absolute/path/to/command
# Optionally, define a list of arguments to pass to the command.
#args: ["--first", "--second"]
# Uncomment to enable parsing of meta variables (see below).
#meta: true
```

When `meta: true` is set in the auth provider's configuration, your command can write some variables to standard output to populate the user account created in Home Assistant with additional data. These variables have to be printed in the form:

```
name = John Doe
```

Leading and trailing whitespace, as well as lines starting with `#` are ignored. The following variables are supported. More may be added in the future.

* `name`: The real name of the user to be displayed in his profile.

Stdaerr is not read at all and just passed through to that of the Home Assistant process, hence you can use it for status messages or suchlike.

<p class='note'>
Any leading and trailing whitespace is stripped from usernames before they're passed to the configured command. For instance, " hello " will be rewritten to just "hello".
</p>

<p class='note'>
For now, meta variables are only respected the first time a particular user is authenticated. Upon subsequent authentications of the same user, the previously created user object with the old values is reused.
</p>

### {% linkable_title Legacy API password %}

<p class='note warning'>
Expand Down

0 comments on commit 47ce52f

Please sign in to comment.