Authentication process
manual
authentication configuration manual security zettelstore
zmk
00001010000000
00001010000000
1
(c) 2020-present by Detlef Stern <ds@zettelstore.de>
00010101000000
00001006050000 00001010040200
en
EUPL-1.2-or-later
20211127174943
20211127174943
public
When someone tries to authenticate itself with an user identifier / user name and a password, the following process is executed:
If meta key owner of the configuration zettel does not have a valid zettel identifier as value, authentication fails.
Retrieve all zettel, where the meta key user-id has the same value as the given user identification. If the list is empty, authentication fails.
From above list, the zettel with the numerically smallest identifier is selected. Or in other words: the oldest zettel is selected This is done to prevent an attacker from creating a new note with the same user identification.
If the zettel does not have a value for the meta key credential, authentication fails.
The value of the meta key credential is compared with the given password. If they do not match, authentication fails.
The authentication is successful, because the Zettelstore has an owner, the identifier matches an user zettel, and the password conforms to the stored credential.