|
5092
|
1 ---
|
|
|
2 labels:
|
|
|
3 - Stage-Beta
|
|
|
4 summary: "Fast Authentication Streamlining Tokens"
|
|
|
5 ---
|
|
|
6
|
|
|
7 This module implements a mechanism via which clients can exchange a password
|
|
|
8 for a secure token, improving security and streamlining future reconnections.
|
|
|
9
|
|
|
10 At the time of writing, the XEP that describes the FAST protocol is still
|
|
|
11 working its way through the XSF standards process. You can [view the FAST XEP
|
|
|
12 proposal here](https://xmpp.org/extensions/inbox/xep-fast.html).
|
|
|
13
|
|
|
14 This module depends on [mod_sasl2].
|
|
|
15
|
|
|
16 ## Configuration
|
|
|
17
|
|
|
18 | Name | Description | Default |
|
|
|
19 |---------------------------|--------------------------------------------------------|-----------------------|
|
|
|
20 | sasl2_fast_token_ttl | Default token expiry (seconds) | `86400*21` (21 days) |
|
|
|
21 | sasl2_fast_token_min_ttl | Time before tokens are eligible for rotation (seconds) | `86400` (1 day) |
|
|
|
22
|
|
|
23 The `sasl2_fast_token_ttl` option determines the length of time a client can
|
|
|
24 remain disconnected before being "logged out" and needing to authenticate with
|
|
|
25 a password. Clients must perform at least one FAST authentication within this
|
|
|
26 period to remain active.
|
|
|
27
|
|
|
28 The `sasl2_fast_token_min_ttl` option defines how long before a token will be
|
|
|
29 rotated by the server. By default a token is rotated if it is older than 24
|
|
|
30 hours. This value should be less than `sasl2_fast_token_ttl` to prevent
|
|
|
31 clients being logged out unexpectedly.
|
