When I setup a connection to my Kopia server, I do only have to specify one password. What is the relation between the repository password and the Kopia server password, which is stored in the .htpasswd file?
Unrelated. Kopia server password is per user (of the server). Server is a repository client and has its own password to decrypt actual data.
Fun fact: Kopia server can itself be connected to another kopia server. This is how Kopia UI works (each ui window is served by running instance of Kopia server which talks to some backend which could be another server). in case of UI there’s third kind of password involved which is random 64 characters generated per UI session.
I see. So, at the moment, I do run Kopia server on my storage node using a dedicated config file and given password which it needs to connect to the local repository. In the password file are multiple accounts with different passwords, which are then used by the remote Kopia “agents” to connect to the Kopia server instance.
That’s exactly the right thing to do. BTW “agents” only see their own snapshots and policies (so far, there’s proposal to make this customizable)
I don’t mind if that’s customizable, as long as he default remains restricted - keep it safe/private by default.
Is the use of htpasswd file mandatory to allow users to connect to the server or can the users configuration be done serverside using kopia server user
commands?
Self-answer: I can see on the documentation that this (htpasswd file) is no longer needed after Kopia version 0.8. Still I cannot connect to the server using kopia repository connect server
command clientside (HTTP status code 401
). Hence the above question…