--- id: authentification title: "Authentification" --- The authentification is tied to the auth [plugin](plugins.md) you are using. The package restrictions also is handled by the [Package Access](packages.md). The client authentification is handled by `npm` client itself. Once you login to the application: ```bash npm adduser --registry http://localhost:4873 ``` A token is generated in the `npm` configuration file hosted in your user home folder. For more information about `.npmrc` read the [official documentation](https://docs.npmjs.com/files/npmrc). ```bash cat .npmrc registry=http://localhost:5555/ //localhost:5555/:_authToken="secretVerdaccioToken" //registry.npmjs.org/:_authToken=secretNpmjsToken ``` #### Anonymous publish `verdaccio`allows you to enable anonymous publish, to achieve that you will need to set up correctly your [packages acces](packages.md). Eg: ```yaml 'my-company-*': access: $anonymous publish: $anonymous proxy: npmjs ``` As is described [on issue #212](https://github.com/verdaccio/verdaccio/issues/212#issuecomment-308578500) until `npm@5.3.0` and all minor releases **won't allow you publish without a token**. However `yarn` has not such limitation. ## Default htpasswd In order to simplify the setup, `verdaccio` use a build-in plugin based on `htpasswd`. ```yaml auth: htpasswd: file: ./htpasswd # Maximum amount of users allowed to register, defaults to "+inf". # You can set this to -1 to disable registration. #max_users: 1000 ``` Property | Type | Required | Example | Support | Description --- | --- | --- | --- | --- | --- file | string | Yes | ./htpasswd | all | file that host the encrypted credentials max_users | number | No | 1000 | all | set limit of users In case to decide do not allow user to login, you can set `max_users: -1`.