Software / code / prosody-modules
Annotate
mod_sasl2_fast/README.md @ 6120:bd3ff802d883
mod_anti_spam: Fix another traceback for origin sessions without an IP
This is likely to be the case for stanzas originating from local hosts, for
example (so not true s2s). It should be safe to bypass the IP check for those.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sat, 28 Dec 2024 21:02:08 +0000 |
| parent | 6107:bc7acb8e627e |
| child | 6251:694f8fab07d4 |
| rev | line source |
|---|---|
| 5092 | 1 --- |
| 2 labels: | |
| 3 - Stage-Beta | |
| 4 summary: "Fast Authentication Streamlining Tokens" | |
|
5095
745c7f4cca40
mod_sasl2_fast: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents:
5092
diff
changeset
|
5 rockspec: |
|
745c7f4cca40
mod_sasl2_fast: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents:
5092
diff
changeset
|
6 dependencies: |
|
745c7f4cca40
mod_sasl2_fast: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents:
5092
diff
changeset
|
7 - mod_sasl2 |
| 5092 | 8 --- |
| 9 | |
|
5901
70fa3f8de249
mod_sasl2_fast: Update reference to now published XEP-0484 (thanks gooya)
Kim Alvefur <zash@zash.se>
parents:
5095
diff
changeset
|
10 This module implements a mechanism described in [XEP-0484: Fast Authentication Streamlining Tokens] via which clients can exchange a |
|
70fa3f8de249
mod_sasl2_fast: Update reference to now published XEP-0484 (thanks gooya)
Kim Alvefur <zash@zash.se>
parents:
5095
diff
changeset
|
11 password for a secure token, improving security and streamlining future reconnections. |
| 5092 | 12 |
| 13 This module depends on [mod_sasl2]. | |
| 14 | |
| 15 ## Configuration | |
| 16 | |
| 17 | Name | Description | Default | | |
| 18 |---------------------------|--------------------------------------------------------|-----------------------| | |
|
6107
bc7acb8e627e
mod_sasl2_fast: Update Compatibility
Menel <menel@snikket.de>
parents:
5901
diff
changeset
|
19 | sasl2_fast_token_ttl | Default token expiry (seconds) | 86400*21 (21 days) | |
|
bc7acb8e627e
mod_sasl2_fast: Update Compatibility
Menel <menel@snikket.de>
parents:
5901
diff
changeset
|
20 | sasl2_fast_token_min_ttl | Time before tokens are eligible for rotation (seconds) | 86400 (1 day) | |
| 5092 | 21 |
| 22 The `sasl2_fast_token_ttl` option determines the length of time a client can | |
| 23 remain disconnected before being "logged out" and needing to authenticate with | |
| 24 a password. Clients must perform at least one FAST authentication within this | |
| 25 period to remain active. | |
| 26 | |
| 27 The `sasl2_fast_token_min_ttl` option defines how long before a token will be | |
| 28 rotated by the server. By default a token is rotated if it is older than 24 | |
| 29 hours. This value should be less than `sasl2_fast_token_ttl` to prevent | |
| 30 clients being logged out unexpectedly. | |
|
6107
bc7acb8e627e
mod_sasl2_fast: Update Compatibility
Menel <menel@snikket.de>
parents:
5901
diff
changeset
|
31 |
|
bc7acb8e627e
mod_sasl2_fast: Update Compatibility
Menel <menel@snikket.de>
parents:
5901
diff
changeset
|
32 # Compatibility |
|
bc7acb8e627e
mod_sasl2_fast: Update Compatibility
Menel <menel@snikket.de>
parents:
5901
diff
changeset
|
33 |
|
bc7acb8e627e
mod_sasl2_fast: Update Compatibility
Menel <menel@snikket.de>
parents:
5901
diff
changeset
|
34 Prosody-Version Status |
|
bc7acb8e627e
mod_sasl2_fast: Update Compatibility
Menel <menel@snikket.de>
parents:
5901
diff
changeset
|
35 --------------- ---------------------- |
|
bc7acb8e627e
mod_sasl2_fast: Update Compatibility
Menel <menel@snikket.de>
parents:
5901
diff
changeset
|
36 trunk Works as of 2024-12-21 |
|
bc7acb8e627e
mod_sasl2_fast: Update Compatibility
Menel <menel@snikket.de>
parents:
5901
diff
changeset
|
37 0.12 Does not work |
