NATS Docs
NATS Docs
NATS.io
Twitter
Slack
GitHub
Introduction
What's New!
NATS 2.0
FAQ
NATS Concepts
What is NATS
Subject-Based Messaging
Publish-Subscribe
Request-Reply
Queue Groups
Acknowledgements
Sequence Numbers
Developing With NATS
Introduction
Connecting
Automatic Reconnections
Securing Connections
Receiving Messages
Sending Messages
Monitoring the Connection
Tutorials
NATS Server
Installing
Running
Clients
Flags
Configuration
Securing NATS
Enabling TLS
Authentication
Tokens
Username/Password
TLS Authentication
NKeys
Accounts
JWTs
Authentication Timeout
Authorization
Clustering
Gateways
Leaf Nodes
Logging
Monitoring
Managing A NATS Server
NATS and Docker
NATS Tools
Introduction
mkpasswd
nk
nsc
nats-account-server
nats-top
nats-bench
NATS Streaming Concepts
Introduction
Relation to NATS
Client Connections
Channels
Store Interface
Store Encryption
Clustering
Fault Tolerance
Partitioning
Monitoring
Developing With NATS Streaming
Introduction
Connecting to NATS Streaming
Publishing to a Channel
Receiving Messages from a Channel
Durable Subscriptions
Queue Subscriptions
Acknowledgements
The Streaming Protocol
NATS Streaming Server
Important Changes
Installing
Running
Configuring
Process Signaling
Windows Service
Embedding NATS Streaming Server
Docker Swarm
NATS Protocol
Protocol Demo
Client Protocol
NATS Cluster Protocol
NATS on Kubernetes
Introduction
Basic NATS and NATS Streaming Setup
Creating a Kubernetes Cluster
NATS Streaming Cluster with FT Mode
NATS and Prometheus Operator
NATS Cluster and Cert Manager
Securing a NATS Cluster with cfssl
Powered by GitBook

Username/Password

You can authenticate one or more clients using username and passwords; this enables you to have greater control over the management and issuance of credential secrets.

For a single user:

authorization: {
    user: a,
    password: b
}

You can also specify a single username/password by:

> nats-server --user a --pass b

For multiple users:

authorization: {
    users: [
        {user: a, password: b},
        {user: b, password: a}
    ]
}

Bcrypted Passwords

Username/password also supports bcrypted passwords using the mkpasswd tool. Simply replace the clear text password with the bcrypted entries:

> mkpasswd
pass: (Uffs#rG42PAu#Oxi^BNng
bcrypt hash: $2a$11$V1qrpBt8/SLfEBr4NJq4T.2mg8chx8.MTblUiTBOLV3MKDeAy.f7u

And on the configuration file:

authorization: {
    users: [
        {user: a, password: "$2a$11$V1qrpBt8/SLfEBr4NJq4T.2mg8chx8.MTblUiTBOLV3MKDeAy.f7u"},
        ...    
    ]
}

Reloading a Configuration

As you add/remove passwords from the server configuration file, you'll want your changes to take effect. To reload without restarting the server and disconnecting clients, do:

> nats-server --signal reload
Previous
Tokens
Next
TLS Authentication
Last updated 2 months ago
Edit on GitHub
Contents
Bcrypted Passwords
Reloading a Configuration