From e198a783d158abc39dd5e8470ee04c0dcc79a5e7 Mon Sep 17 00:00:00 2001
From: Matthias Hanel <mh@synadia.com>
Date: Tue, 12 May 2020 20:41:11 -0400
Subject: [PATCH] Documenting no_auth_user

Signed-off-by: Matthias Hanel <mh@synadia.com>
---
 nats-server/configuration/README.md           |  1 +
 .../configuration/securing_nats/accounts.md   | 24 +++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/nats-server/configuration/README.md b/nats-server/configuration/README.md
index f44cef0..e229f06 100644
--- a/nats-server/configuration/README.md
+++ b/nats-server/configuration/README.md
@@ -144,6 +144,7 @@ authorization: {
 | :--- | :--- |
 | [`authorization`](securing_nats/auth_intro/) | Configuration map for client authentication/authorization. |
 | [`accounts`](securing_nats/accounts.md) | Configuration map for multi tenancy via accounts. |
+| [`no_auth_user`](securing_nats/accounts.md#No-Auth-User) | [Username](securing_nats/auth_intro/username_password.md) present in the [authorization block](securing_nats/auth_intro/README.md) or an [`account`](securing_nats/accounts.md). A client connecting without any form of authentication will be associated with this user, its permissions and account. |
 
 #### Decentralized Authentication and Authorization
 
diff --git a/nats-server/configuration/securing_nats/accounts.md b/nats-server/configuration/securing_nats/accounts.md
index c7a99c1..2be7153 100644
--- a/nats-server/configuration/securing_nats/accounts.md
+++ b/nats-server/configuration/securing_nats/accounts.md
@@ -166,3 +166,27 @@ It is important to reiterate that:
 * service `q.b` is private; only account `B` can send requests to the service.
 * When `C` publishes a request to `Q`, local `C` clients will see `Q` messages. However, the server will remap `Q` to `pubq.C` and forward the requests to account `A`.
 
+## No Auth User
+
+Clients connecting without authentication can be associated with a particular user within an account.
+
+```
+accounts: {
+    A: {
+        users: [
+            {user: a, password: a}
+        ]
+    },
+    B: {
+        users: [
+            {user: b, password: b}
+        ]
+    }
+}
+no_auth_user: a
+```
+
+The above example shows how clients without authentication can be associated with the user `a` within account `A`.
+
+> Please note that the `no_auth_user` will not work with nkeys.
+> The user referenced can also be part of the [authorization](authorization.md) block.