# AUTH

```json metadata
{
  "title": "AUTH",
  "description": "Authenticates the connection.",
  "categories": ["docs","develop","stack","oss","rs","rc","oss","kubernetes","clients"],
  "arguments": [{"display_text":"username","name":"username","optional":true,"since":"6.0.0","type":"string"},{"display_text":"password","name":"password","type":"string"}],
  "syntax_fmt": "AUTH [username] password",
  "complexity": "O(N) where N is the number of passwords defined for the user",
  "group": "connection",
  "command_flags": ["noscript","loading","stale","fast","no_auth","allow_busy"],
  "acl_categories": ["@fast","@connection"],
  "since": "1.0.0",
  "arity": -2,
  "tableOfContents": {"sections":[{"id":"security-notice","title":"Security notice"},{"id":"redis-enterprise-and-redis-cloud-compatibility","title":"Redis Enterprise and Redis Cloud compatibility"},{"id":"return-information","title":"Return information"}]}
}
```













The AUTH command authenticates the current connection in two cases:

1. If the Redis server is password protected via the `requirepass` option.
2. A Redis 6.0 instance, or greater, is using the [Redis ACL system](https://redis.io/docs/latest/operate/oss_and_stack/management/security/acl).

Redis versions prior of Redis 6 were only able to understand the one argument
version of the command:


AUTH "temp-pass"


This form just authenticates against the password set with `requirepass`.
In this configuration Redis will deny any command executed by the just
connected clients, unless the connection gets authenticated via `AUTH`.

If the password provided via AUTH matches the password in the configuration file, the server replies with the `OK` status code and starts accepting commands.
Otherwise, an error is returned and the clients needs to try a new password.

When Redis ACLs are used, the command should be given in an extended way:


AUTH "test-user" "strong_password"


In order to authenticate the current connection with one of the connections
defined in the ACL list (see [`ACL SETUSER`](https://redis.io/docs/latest/commands/acl-setuser)) and the official [ACL guide](https://redis.io/docs/latest/operate/oss_and_stack/management/security/acl) for more information.

When ACLs are used, the single argument form of the command, where only the password is specified, assumes that the implicit username is "default".

## Security notice

Because of the high performance nature of Redis, it is possible to try
a lot of passwords in parallel in very short time, so make sure to generate a
strong and very long password so that this attack is infeasible.
A good way to generate strong passwords is via the [`ACL GENPASS`](https://redis.io/docs/latest/commands/acl-genpass) command.

## Redis Enterprise and Redis Cloud compatibility

| Redis<br />Enterprise | Redis<br />Cloud | <span style="min-width: 9em; display: table-cell">Notes</span> |
|:----------------------|:-----------------|:------|
| <span title="Supported">&#x2705; Standard</span><br /><span title="Supported"><nobr>&#x2705; Active-Active</nobr></span> | <span title="Supported">&#x2705; Standard</span><br /><span title="Supported"><nobr>&#x2705; Active-Active</nobr></span> |  |

## Return information

{{< multitabs id="auth-return-info" 
    tab1="RESP2" 
    tab2="RESP3" >}}

[Simple string reply](../../develop/reference/protocol-spec#simple-strings): `OK`, or an error if the password, or username/password pair, is invalid.

-tab-sep-

[Simple string reply](../../develop/reference/protocol-spec#simple-strings): `OK`, or an error if the password, or username/password pair, is invalid.


