Software /
code /
prosody-modules
Annotate
mod_sasl2_fast/README.md @ 5931:d194d1012fd3
Updating dox for mod_rest. Ideas expressed / clarified:
1) Making clear that mod_rest isn't to be installed under VirtualHosts AND as a component.
2) Understanding some of the implications of this choice:
A) Changes to user authentication
B) How it affects subdomains
3) More consistent use of domain names for clarity.
4) Using different heading sizes to show scope of section.
Essentially, I added all the tidbits I had to clarify in getting this to work in my
own example.
author | Ben Smith <bens@effortlessis.com> |
---|---|
date | Mon, 13 May 2024 13:25:13 -0700 |
parent | 5901:70fa3f8de249 |
rev | line source |
---|---|
5092 | 1 --- |
2 labels: | |
3 - Stage-Beta | |
4 summary: "Fast Authentication Streamlining Tokens" | |
5095
745c7f4cca40
mod_sasl2_fast: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents:
5092
diff
changeset
|
5 rockspec: |
745c7f4cca40
mod_sasl2_fast: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents:
5092
diff
changeset
|
6 dependencies: |
745c7f4cca40
mod_sasl2_fast: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents:
5092
diff
changeset
|
7 - mod_sasl2 |
5092 | 8 --- |
9 | |
5901
70fa3f8de249
mod_sasl2_fast: Update reference to now published XEP-0484 (thanks gooya)
Kim Alvefur <zash@zash.se>
parents:
5095
diff
changeset
|
10 This module implements a mechanism described in [XEP-0484: Fast Authentication Streamlining Tokens] via which clients can exchange a |
70fa3f8de249
mod_sasl2_fast: Update reference to now published XEP-0484 (thanks gooya)
Kim Alvefur <zash@zash.se>
parents:
5095
diff
changeset
|
11 password for a secure token, improving security and streamlining future reconnections. |
5092 | 12 |
13 This module depends on [mod_sasl2]. | |
14 | |
15 ## Configuration | |
16 | |
17 | Name | Description | Default | | |
18 |---------------------------|--------------------------------------------------------|-----------------------| | |
19 | sasl2_fast_token_ttl | Default token expiry (seconds) | `86400*21` (21 days) | | |
20 | sasl2_fast_token_min_ttl | Time before tokens are eligible for rotation (seconds) | `86400` (1 day) | | |
21 | |
22 The `sasl2_fast_token_ttl` option determines the length of time a client can | |
23 remain disconnected before being "logged out" and needing to authenticate with | |
24 a password. Clients must perform at least one FAST authentication within this | |
25 period to remain active. | |
26 | |
27 The `sasl2_fast_token_min_ttl` option defines how long before a token will be | |
28 rotated by the server. By default a token is rotated if it is older than 24 | |
29 hours. This value should be less than `sasl2_fast_token_ttl` to prevent | |
30 clients being logged out unexpectedly. |