# Authentification

The authentification is tied to the auth [plugin](plugins.md) you are using. The package restrictions also is handled by the [Package Access](packages.md).

The client authentification is handled by `npm` client itself. Once you login to the application:

```bash
npm adduser --registry http://localhost:4873
```

A token is generated in the `npm` configuration file hosted in your user home folder. For more information about `.npmrc` read the [official documentation](https://docs.npmjs.com/files/npmrc).

```bash
cat .npmrc 
registry=http://localhost:5555/
//localhost:5555/:_authToken="secretVerdaccioToken"
//registry.npmjs.org/:_authToken=secretNpmjsToken
```

## Default htpasswd

In order to simplify the setup, `verdaccio` use a build-in plugin based on `htpasswd`.

```yaml
auth:
  htpasswd:
    file: ./htpasswd
    # Maximum amount of users allowed to register, defaults to "+inf".
    # You can set this to -1 to disable registration.
    #max_users: 1000
```    

Property | Type | Required | Example | Support | Description 
--- | --- | --- | --- | --- | --- 
file | string | Yes | ./htpasswd | all | file that host the encrypted credentials
max_users | number | No | 1000 | all | set limit of users

In case to decide do not allow user to login, you can set `max_users: -1`.