Skip to content

Commit e755388

Browse files
antirezantirez
committed
AUTH doc updated for ACL.
1 parent f2c4ae7 commit e755388

File tree

2 files changed

+42
-8
lines changed

2 files changed

+42
-8
lines changed

commands/acl-whoami.md

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
Return the username the current connection is authenticated with.
2+
New connections are authenticated with the "default" user. They
3+
can change user using `AUTH`.
4+
5+
@return
6+
7+
@bulk-string-reply: the username of the current connection.
8+
9+
@examples
10+
11+
```
12+
> ACL WHOAMI
13+
"default"
14+
```

commands/auth.md

Lines changed: 28 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,16 +1,36 @@
1-
Request for authentication in a password-protected Redis server.
2-
Redis can be instructed to require a password before allowing clients to execute
3-
commands.
4-
This is done using the `requirepass` directive in the configuration file.
1+
The AUTH command authenticates the current connection in two cases:
52

6-
If `password` matches the password in the configuration file, the server replies
7-
with the `OK` status code and starts accepting commands.
3+
1. If the Redis server is password protected via the `requirepass` option.
4+
2. If a Redis 6.0 instance, or greater, is using the [Redis ACL system](/topics/acl).
5+
6+
Redis versions prior of Redis 6 were only able to understand the one argument
7+
version of the command:
8+
9+
AUTH <password>
10+
11+
This form just authenticates against the password set with `requirepass`.
12+
In this configuration Redis will deny any command executed by the just
13+
connected clients, unless the connection gets authenticated via `AUTH`.
14+
15+
If the password provided via AUTH matches the password in the configuration file, the server replies with the `OK` status code and starts accepting commands.
816
Otherwise, an error is returned and the clients needs to try a new password.
917

10-
**Note**: because of the high performance nature of Redis, it is possible to try
18+
When Redis ACLs are used, the command should be given in an extended way:
19+
20+
AUTH <username> <password>
21+
22+
In order to authenticate the current connection with one of the connections
23+
defined in the ACL list (see `ACL SETUSER`) and the offical [ACL guide](/topics/acl) for more information.
24+
25+
When ACLs are used, the single argument form of the command, where only the password is specified, assumes that the implicit username is "default".
26+
27+
## Security notice
28+
29+
Because of the high performance nature of Redis, it is possible to try
1130
a lot of passwords in parallel in very short time, so make sure to generate a
1231
strong and very long password so that this attack is infeasible.
32+
A good way to generate strong passwords is via the `ACL GENPASS` command.
1333

1434
@return
1535

16-
@simple-string-reply
36+
@simple-string-reply or an error if the password, or username/password pair, is invalid.

0 commit comments

Comments
 (0)