Netgrimoire/Ward-Grimoire/Access/Auth-Overview.md
2026-04-12 09:53:51 -05:00

| title | description | published | date | tags | editor | dateCreated |
|---|---|---|---|---|---|---|
| Authentication Overview | SSO, LDAP, and access control in Netgrimoire | true | 2026-04-12T00:00:00.000Z | ward, auth, sso | markdown | 2026-04-12T00:00:00.000Z |

Authentication Overview

SSO Providers

| Provider | Scope | URL |
|---|---|---|
| Authentik | *.netgrimoire.com | Protected via caddy.import_1: authentik label |
| Authelia | *.wasted-bandwidth.net | Green Grimoire + Shadow Grimoire services |

Both providers use LLDAP as their LDAP backend.

LLDAP

Lightweight LDAP directory at ldap.netgrimoire.com. Postgres backend. Provides the user directory for both Authentik and Authelia.

See LDAP Client Setup for configuring hosts to authenticate via LLDAP.

Vaultwarden

Password manager at pass.netgrimoire.com. Protected by Authentik.

WireGuard

5 VPN peers on 192.168.32.0/24. Managed in OPNsense. See Host Inventory for peer assignments.

YubiKey (Planned)

  • PIV SSH authentication on all hosts — highest-impact pending integration
  • Challenge-response for LUKS / Kopia key derivation on znas