?i»?
Your IP : 13.59.123.182
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>External Storage authentication mechanisms — Nextcloud 13 Administration Manual 13 documentation</title>
<link rel="stylesheet" href="../../_static/" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="../../_static/main.min.css" type="text/css" />
<link rel="stylesheet" href="../../_static/styles.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
VERSION: '13',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
<script type="text/javascript" src="../../_static/js/jquery-1.11.0.min.js"></script>
<script type="text/javascript" src="../../_static/js/jquery-fix.js"></script>
<script type="text/javascript" src="../../_static/bootstrap-3.1.0/js/bootstrap.min.js"></script>
<script type="text/javascript" src="../../_static/bootstrap-sphinx.js"></script>
<link rel="top" title="Nextcloud 13 Administration Manual 13 documentation" href="../../contents.html" />
<link rel="up" title="File sharing and management" href="../index.html" />
<link rel="next" title="Encryption configuration" href="../encryption_configuration.html" />
<link rel="prev" title="Configuring External Storage (configuration file)" href="../external_storage_configuration.html" />
<meta charset='utf-8'>
<meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'>
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="theme-color" content="#1d2d44">
</head>
<body role="document">
<div class="wrap container not-front">
<div class="content row">
<main class="main">
<div class="row">
<div class="col-md-3">
<div class="sidebar">
<h1>Nextcloud 13 Administration Manual</h1>
<div class="sidebar-search">
<form class="headersearch" action="../../search.html" method="get">
<input type="text" value="" name="q" id="q" class="form-control" />
<button class="btn btn-default" type="submit" id="searchsubmit">Search</button>
</form>
</div>
<div class="menu-support-container">
<ul id="menu-support" class="menu">
<ul>
<li><a href="../../contents.html">Table of Contents</a></li>
</ul>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../index.html">Introduction</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../release_notes.html">Release notes</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../installation/index.html">Installation</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../configuration_server/index.html">Server configuration</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../configuration_user/index.html">User management</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="../index.html">File sharing and management</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../file_sharing_configuration.html">File Sharing</a></li>
<li class="toctree-l2"><a class="reference internal" href="../federated_cloud_sharing_configuration.html">Configuring Federation Sharing</a></li>
<li class="toctree-l2"><a class="reference internal" href="../big_file_upload_configuration.html">Uploading big files > 512MB</a></li>
<li class="toctree-l2"><a class="reference internal" href="../default_files_configuration.html">Providing default files</a></li>
<li class="toctree-l2"><a class="reference internal" href="../external_storage_configuration_gui.html">Configuring External Storage (GUI)</a></li>
<li class="toctree-l2"><a class="reference internal" href="../external_storage_configuration.html">Configuring External Storage (configuration file)</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="">External Storage authentication mechanisms</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#special-mechanisms">Special mechanisms</a></li>
<li class="toctree-l3"><a class="reference internal" href="#password-based-mechanisms">Password-based mechanisms</a></li>
<li class="toctree-l3"><a class="reference internal" href="#public-key-mechanisms">Public-key mechanisms</a></li>
<li class="toctree-l3"><a class="reference internal" href="#oauth">OAuth</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../encryption_configuration.html">Encryption configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="../files_locking_transactional.html">Transactional file locking</a></li>
<li class="toctree-l2"><a class="reference internal" href="../previews_configuration.html">Previews configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="../file_versioning.html">Controlling file versions and aging</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../file_workflows/index.html">File workflows</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../configuration_database/index.html">Database configuration</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../configuration_mimetypes/index.html">Mimetypes management</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../maintenance/index.html">Maintenance</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../issues/index.html">Issues and troubleshooting</a></li>
</ul>
</ul>
</div>
</div>
</div>
<div class="col-md-9">
<div class="page-content">
<ul class="prevnext-title list-unstyled list-inline">
<li class="prev">
<a href="../external_storage_configuration.html" title="Previous Chapter: Configuring External Storage (configuration file)"><span class="glyphicon glyphicon-chevron-left visible-sm"></span><span class="hidden-sm">« Configuring External Storage (configuration file)</span>
</a>
</li>
<li class="next">
<a href="../encryption_configuration.html" title="Next Chapter: Encryption configuration"><span class="glyphicon glyphicon-chevron-right visible-sm"></span><span class="hidden-sm">Encryption configuration »</span>
</a>
</li>
</ul>
<div class="section" id="external-storage-authentication-mechanisms">
<h1>External Storage authentication mechanisms<a class="headerlink" href="#external-storage-authentication-mechanisms" title="Permalink to this headline">¶</a></h1>
<p>Nextcloud storage backends accept one or more authentication schemes such as
passwords, OAuth, or token-based, to name a few examples. Each authentication
scheme may be implemented by multiple authentication mechanisms. Different
mechanisms require different configuration parameters, depending on their
behavior.</p>
<div class="figure">
<img alt="Authentication types" src="../../_images/authentication-types.png" />
</div>
<div class="section" id="special-mechanisms">
<h2>Special mechanisms<a class="headerlink" href="#special-mechanisms" title="Permalink to this headline">¶</a></h2>
<p>The <strong>None</strong> authentication mechanism requires no configuration parameters, and
is used when a backend requires no authentication.</p>
<p>The <strong>Built-in</strong> authentication mechanism itself requires no configuration
parameters, but is used as a placeholder for legacy storages that have not been
migrated to the new system and do not take advantage of generic authentication
mechanisms. The authentication parameters are provided directly by the backend.</p>
</div>
<div class="section" id="password-based-mechanisms">
<h2>Password-based mechanisms<a class="headerlink" href="#password-based-mechanisms" title="Permalink to this headline">¶</a></h2>
<p>The <strong>Username and password</strong> mechanism requires a manually-defined username and
password. These get passed directly to the backend and are specified during the
setup of the mount point.</p>
<p>The <strong>Log-in credentials, save in session</strong> mechanism uses the Nextcloud login
credentials of the user to connect to the storage. These are not stored anywhere
on the server, but rather in the user session, giving increased security. The
drawbacks are that sharing is disabled when this mechanism is in use, as
Nextcloud has no access to the storage credentials, and background file scanning
does not work.</p>
<p>The <strong>Log-in credentials, save in database</strong> mechanism uses the Nextcloud login
credentials of the user to connect to the storage. These are stored in the
database encrypted with the shared secret. This allows to share files from
within this mount point.</p>
<p>The <strong>User entered, store in database</strong> mechanism work in the same way as the
“Username and password” mechanism but the credentials need to be specified by
each user individually. Before the first access to that mount point the user
will be prompted to enter the credentials.</p>
<p>The <strong>Global credentials</strong> mechanism uses the general input field for “Global
credentials” in the external storage settings section as source for the
credentials instead of individual credentials for a mount point.</p>
</div>
<div class="section" id="public-key-mechanisms">
<h2>Public-key mechanisms<a class="headerlink" href="#public-key-mechanisms" title="Permalink to this headline">¶</a></h2>
<p>Currently only the RSA mechanism is implemented, where a public/private
keypair is generated by Nextcloud and the public half shown in the GUI. The keys
are generated in the SSH format, and are currently 1024 bits in length. Keys
can be regenerated with a button in the GUI.</p>
<div class="figure">
<img alt="Form on admin page for generating RSA keys." src="../../_images/auth_rsa.png" />
</div>
</div>
<div class="section" id="oauth">
<h2>OAuth<a class="headerlink" href="#oauth" title="Permalink to this headline">¶</a></h2>
<p>OAuth 1.0 and OAuth 2.0 are both implemented, but currently limited to the
Dropbox and Google Drive backends respectively. These mechanisms require
additional configuration at the service provider, where an app ID and app
secret are provided and then entered into Nextcloud. Then Nextcloud can
perform an authentication request, establishing the storage connection.</p>
<div class="figure">
<img alt="Dropbox storage mount configuration." src="../../_images/dropbox-oc.png" />
</div>
</div>
</div>
<ul class="prevnext-title list-unstyled list-inline">
<li class="prev">
<a href="../external_storage_configuration.html" title="Previous Chapter: Configuring External Storage (configuration file)"><span class="glyphicon glyphicon-chevron-left visible-sm"></span><span class="hidden-sm">« Configuring External Storage (configuration file)</span>
</a>
</li>
<li class="next">
<a href="../encryption_configuration.html" title="Next Chapter: Encryption configuration"><span class="glyphicon glyphicon-chevron-right visible-sm"></span><span class="hidden-sm">Encryption configuration »</span>
</a>
</li>
</ul>
</div>
</div>
</div>
</main>
</div>
</div>
</body>
</html>