From e8e7c97f623d1a8b1d061821586e6897a20a679c Mon Sep 17 00:00:00 2001 From: Zac Bergquist Date: Wed, 28 Aug 2024 16:21:30 -0600 Subject: [PATCH] docs: describe local user storage and password hashing (#45963) --- docs/pages/admin-guides/management/admin/users.mdx | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/pages/admin-guides/management/admin/users.mdx b/docs/pages/admin-guides/management/admin/users.mdx index 47c89895e613e..9182c65719387 100644 --- a/docs/pages/admin-guides/management/admin/users.mdx +++ b/docs/pages/admin-guides/management/admin/users.mdx @@ -4,7 +4,9 @@ description: Learn how to manage local users in Teleport. Local users are stored --- In Teleport, **local users** are users managed directly via Teleport, rather -than a third-party identity provider. +than a third-party identity provider. All local users are stored in Teleport's +cluster state backend, which contains the user's name, their roles and traits, +and a bcrypt password hash. This guide shows you how to: @@ -61,7 +63,7 @@ The user completes registration by visiting this URL in their web browser, picking a password, and configuring multi-factor authentication. If the credentials are correct, the Teleport Auth Server generates and signs a new certificate, and the client stores this key and will use it for subsequent -logins. +logins. The key will automatically expire after 12 hours by default, after which the user will need to log back in with their credentials. This TTL can be @@ -137,4 +139,3 @@ information, see [GitHub SSO](../../access-controls/sso/github-sso.mdx). -