Once you have installed the server, you will need to set it up.

NetAuth has a single configuration file which configures both clients and servers. The configuration file is handled by Viper and can be parsed as TOML, JSON, or YAML. TOML is the canonical format and the format that will be shown in the documentation.

These are the defaults for the config file:

  home = ""

  backend = "bcrypt"

    cost = 15

  backend = "ProtoDB"

  level = "INFO"

  watch-interval = "1s"
  watcher = false

  path = "plugins"

  bind = "localhost"
  port = 1729

  certificate = "keys/tls.pem"
  key = "keys/tls.key"

  backend = "jwt-rsa"
  lifetime = "10m0s"

    bits = 2048
    generate = false

A suitable configuration file can be as little as:

  home = "/var/lib/netauth"
  bind = ""

Configuration files are resolved on a first-found basis from the following locations:

  • $(pwd)/config.toml
  • $HOME/.netauth/config.toml
  • /etc/netauth/config.toml

It is recommended to use a job control system to run the NetAuth server, this can be be handily done with runit which is available for many distributions. A complete runit service file is shown below:


cd /var/lib/netauthd || exit 1

exec chpst -u _netauthd:_netauthd netauthd 2>&1