diff --git a/dev/docker/Dockerfile b/dev/docker/Dockerfile
index f0e4a75..998a1cd 100644
--- a/dev/docker/Dockerfile
+++ b/dev/docker/Dockerfile
@@ -35,13 +35,15 @@ RUN apk --no-cache add linux-pam musl
 # make tempdir in case filestore is used
 ADD tmp.tar /
 
-USER 1001
+COPY --chown=0 rdpgw-pam /etc/pam.d/rdpgw
 
+USER 1001
 COPY --chown=1001 run.sh run.sh
 COPY --chown=1001 --from=builder /opt/rdpgw /opt/rdpgw
 COPY --chown=1001 --from=builder /etc/passwd /etc/passwd
 COPY --chown=1001 --from=builder /etc/ssl/certs /etc/ssl/certs
-#COPY --chown=1001 rdpgw.yaml /opt/rdpgw/rdpgw.yaml
+
+USER 0
 
 WORKDIR /opt/rdpgw
 ENTRYPOINT ["/bin/sh", "/run.sh"]
diff --git a/dev/docker/rdpgw-pam b/dev/docker/rdpgw-pam
new file mode 100644
index 0000000..8ed41ab
--- /dev/null
+++ b/dev/docker/rdpgw-pam
@@ -0,0 +1,3 @@
+# basic PAM configuration for rdpgw on Alpine
+auth include base-auth
+auth include base-account
diff --git a/dev/docker/run.sh b/dev/docker/run.sh
index 49c6a9e..c8d4c3f 100755
--- a/dev/docker/run.sh
+++ b/dev/docker/run.sh
@@ -1,11 +1,34 @@
 #!/bin/sh
+
+USER=rdpgw
+
+file="/root/createusers.txt"
+if [ -f $file ]
+  then
+    while IFS=: read -r username password is_sudo
+        do
+            echo "Username: $username, Password: **** , Sudo: $is_sudo"
+
+            if getent passwd "$username" > /dev/null 2>&1
+              then
+                echo "User Exists"
+              else
+                adduser -s /sbin/nologin "$username"
+                echo "$username:$password" | chpasswd
+            fi
+    done <"$file"
+fi
+
 cd /opt/rdpgw || exit 1
 
-if ! [ -e /opt/rdpgw/rdpgw.yaml ]; then
-  cp /opt/rdpgw/rdpgw.yaml.default /opt/rdpgw/rdpgw.yaml
+if [ -n "${RDPGW_SERVER__AUTHENTICATION}" ]; then
+  if [ "${RDPGW_SERVER__AUTHENTICATION}" = "local" ]; then
+    echo "Starting rdpgw-auth"
+    /opt/rdpgw/rdpgw-auth &
+  fi
 fi
 
-/opt/rdpgw/rdpgw-auth &
-/opt/rdpgw/rdpgw &
+# drop privileges and run the application
+su -c /opt/rdpgw/rdpgw ${USER} &
 wait
 exit $?