title: Authentication process role: manual tags: #authentication #configuration #manual #security #zettelstore syntax: zmk back: 00001010000000 backward: 00001010000000 box-number: 1 copyright: (c) 2020-present by Detlef Stern created: 20210126175322 forward: 00001006050000 00001010040200 lang: en license: EUPL-1.2-or-later modified: 20211127174943 published: 20211127174943 visibility: public When someone tries to authenticate itself with an user identifier / ""user name"" and a password, the following process is executed: # If meta key ''owner'' of the configuration zettel does not have a valid [[zettel identifier|00001006050000]] as value, authentication fails. # Retrieve all zettel, where the meta key ''user-id'' has the same value as the given user identification. If the list is empty, authentication fails. # From above list, the zettel with the numerically smallest identifier is selected. Or in other words: the oldest zettel is selected[^This is done to prevent an attacker from creating a new note with the same user identification]. # If the zettel does not have a value for the meta key ''credential'', authentication fails. # The value of the meta key ''credential'' is compared with the given password. If they do not match, authentication fails. The authentication is successful, because the Zettelstore has an owner, the identifier matches an [[user zettel|00001010040200]], and the password conforms to the stored credential.