Configure authorizations

In MAAS, configauth is a command used to configure authentication settings for the MAAS system, specifically for managing API keys and user credentials. This command is primarily used to manage how users authenticate when interacting with MAAS via the CLI, API, and web UI.

Purpose in MAAS

The configauth command is used to:

  • Set up API authentication keys for CLI and programmatic access.
  • Configure and manage user authentication methods (local, LDAP, etc.).
  • Allow users to authenticate without entering credentials repeatedly.

Authentication in MAAS is crucial for securing access to system management functions and enforcing role-based access control (RBAC).

Scope & behavior in MAAS

The configauth command applies to API and CLI authentication but does not affect the MAAS web UI login directly. Instead, it configures API keys that allow CLI and automated systems to authenticate with MAAS without requiring password entry.

MAAS supports authentication via:

  1. Local user accounts (default)
  2. API keys (used for CLI and automation)
  3. External authentication (LDAP, SSO, etc., if configured)

MAAS CLI usage

Viewing current authentication configuration

maas configauth

Displays current authentication settings, including API key configurations.

Creating a new API key for a user

maas apikey --generate --username=<username>

Generates an API key for a specific user, which can be used for authentication.

Using an API key for authentication

maas login <profile> <maas_url> <apikey>

Logs into MAAS using an API key instead of a password.

Removing an API key

maas revoke-apikey --username=<username>

Revokes the API key, disabling automated access.

Key considerations

  • API keys provide persistent access – Users and scripts can authenticate without passwords, so they should be managed carefully.
  • Local users vs. external authentication – configauth only affects MAAS-managed users and API keys, not LDAP or SSO users.
  • Admins can manage API keys for all users – Regular users can only generate and revoke their own keys.
  • Revoke unused keys – Keeping unused API keys active increases security risks.
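
One way to act on the key-handling points above, as an added example (not MAAS project code): a shell wrapper that refuses a key file readable by group or other, checks the key's shape, and passes it to maas login on stdin so it never appears in argv or shell history. It assumes the API key is three colon-separated fields and that maas login reads the key from stdin when given "-"; the function names and key-file layout are hypothetical.

```shell
#!/bin/sh
# Added example: vet an API key file before handing it to `maas login`.
# Assumptions: the key is three colon-separated fields on one line, and
# `maas login <profile> <maas_url> -` reads the key from stdin.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 only if the key file is private to its owner and well formed.
#   1 = not a regular file, 2 = group/other can access it, 3 = bad format
check_key_file() {
    key_file=$1
    [ -f "$key_file" ] && [ ! -L "$key_file" ] || {
        echo "not a regular file: $key_file" >&2; return 1; }
    mode=$(file_mode "$key_file") || return 1
    # The last two octal digits are the group and other bits; both must be 0.
    case $mode in
        0|*00) ;;
        *) echo "mode $mode exposes the key to group/other" >&2; return 2 ;;
    esac
    # Exactly one line holding three non-empty fields, no whitespace.
    [ "$(grep -c '' "$key_file")" -eq 1 ] &&
        grep -Eqx '[^:[:space:]]+:[^:[:space:]]+:[^:[:space:]]+' "$key_file" || {
        echo "unexpected key format in $key_file" >&2; return 3; }
    return 0
}

# Log in with the key supplied on stdin instead of on the command line.
maas_login_from_file() {
    profile=$1 url=$2 key_file=$3
    check_key_file "$key_file" || return
    maas login "$profile" "$url" - < "$key_file"
}

# Usage: script.sh <profile> <maas_url> <key_file>
if [ "$#" -eq 3 ]; then
    maas_login_from_file "$@"
fi
```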
