This section provides general information about the Login, which kind of Login is supported and what exactly happens when you submit your credentials.
Keestash provides both, local accounts as well as LDAP provisioned access. When using local accounts, sign up is done by a register form as you can see here. The user needs to provide some general information such as name, surname, email address etc. and will get access as soon as successfully signed up.
When using local accounts, Keestash creates and saves data into it’s own databases. After validating all information, the user and it’s password is stored in the database. Keestash stores the password never in clear text, but encrypts with a strong and industry standard encryption method. The username and the password chosen while user creation is then used to log in:
When Keestash is connected to a LDAP backend, authentication is done querying the LDAP server. For security reasons, the LDAP server is not mentioned anywhere in the login screen. Keestash assumes that – being in the LDAP mode – Keestash is set up for an organization and users know which LDAP backend is used. Keestash does not support anonymous LDAP logins since it is seen as a security risk. The overall LDAP setup is documented here.
When configured with LDAP, Keestash shows this in the login screen:
As mentioned above, Keestash users are hosted locally regardless of the type of login. Local accounts are stored and managed by Keestash. LDAP users are synchronized with Keestash and are created with as many information as provided by the LDAP server.
For problems with the login – such as password resetting etc. – Keestash SaaS provides a form to reset the account. Read more about here. For self hosted Keestash users should reach out to their admins and customers with custom plans should reach out us.