Annotate

mod_sasl2_fast/README.md @ 5173:460f78654864

mod_muc_rtbl: also filter messages This was a bit tricky because we don't want to run the JIDs through SHA256 on each message. Took a while to come up with this simple plan of just caching the SHA256 of the JIDs on the occupants. This will leave some dirt in the occupants after unloading the module, but that should be ok; once they cycle the room, the hashes will be gone. This is direly needed, otherwise, there is a tight race between the moderation activities and the actors joining the room.
author Jonas Schäfer <jonas@wielicki.name>
date Tue, 21 Feb 2023 21:37:27 +0100
parent 5095:745c7f4cca40
child 5901:70fa3f8de249
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
5092
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 ---
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2 labels:
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 - Stage-Beta
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4 summary: "Fast Authentication Streamlining Tokens"
5095
745c7f4cca40 mod_sasl2_fast: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents: 5092
diff changeset
5 rockspec:
745c7f4cca40 mod_sasl2_fast: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents: 5092
diff changeset
6 dependencies:
745c7f4cca40 mod_sasl2_fast: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents: 5092
diff changeset
7 - mod_sasl2
5092
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 ---
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10 This module implements a mechanism via which clients can exchange a password
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 for a secure token, improving security and streamlining future reconnections.
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13 At the time of writing, the XEP that describes the FAST protocol is still
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14 working its way through the XSF standards process. You can [view the FAST XEP
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15 proposal here](https://xmpp.org/extensions/inbox/xep-fast.html).
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17 This module depends on [mod_sasl2].
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19 ## Configuration
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21 | Name | Description | Default |
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
22 |---------------------------|--------------------------------------------------------|-----------------------|
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 | sasl2_fast_token_ttl | Default token expiry (seconds) | `86400*21` (21 days) |
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
24 | sasl2_fast_token_min_ttl | Time before tokens are eligible for rotation (seconds) | `86400` (1 day) |
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
25
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
26 The `sasl2_fast_token_ttl` option determines the length of time a client can
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27 remain disconnected before being "logged out" and needing to authenticate with
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28 a password. Clients must perform at least one FAST authentication within this
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 period to remain active.
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
31 The `sasl2_fast_token_min_ttl` option defines how long before a token will be
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32 rotated by the server. By default a token is rotated if it is older than 24
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33 hours. This value should be less than `sasl2_fast_token_ttl` to prevent
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34 clients being logged out unexpectedly.