Access control for Heimdall currently provides a built-in user database that allows individual users to have defined authentication (password) and login locations defined
Required fields for each user include:

Username: the login of the user or JDBC connection
Password: The password of the user–please avoid using “:” as it may impact authentication
Hostname or IP address: One of

IPv4 IP address in the format defined here
IPv6 IP address in the format defined here
Subnet address defined with either an IPv4 or IPv6 network address plus “/” and the subnet size
A DNS hostname that resolves to one or more IPv4 or IPv6 addresses. If more than one is provided, than any resolved IP is allowed.
In the event no users are defined, than unrestricted access is allowed
If no hostnames or IPs are provided for a given user, then the user is provided unrestricted access from any network
Internally, passwords are stored in the same way that OpenLDAP stores them by default, i.e. Salted SHA. Example, {SSHA}cca9bbffe6879f8367ab681952da2f995bf1668f