author | Kim Alvefur <zash@zash.se> |
Sat, 30 Mar 2024 15:10:51 +0100 | |
changeset 5881 | 70fa3f8de249 |
parent 5099 | 745c7f4cca40 |
permissions | -rw-r--r-- |
5096 | 1 |
--- |
2 |
labels: |
|
3 |
- Stage-Beta |
|
4 |
summary: "Fast Authentication Streamlining Tokens" |
|
5099
745c7f4cca40
mod_sasl2_fast: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents:
5096
diff
changeset
|
5 |
rockspec: |
745c7f4cca40
mod_sasl2_fast: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents:
5096
diff
changeset
|
6 |
dependencies: |
745c7f4cca40
mod_sasl2_fast: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents:
5096
diff
changeset
|
7 |
- mod_sasl2 |
5096 | 8 |
--- |
9 |
||
5881
70fa3f8de249
mod_sasl2_fast: Update reference to now published XEP-0484 (thanks gooya)
Kim Alvefur <zash@zash.se>
parents:
5099
diff
changeset
|
10 |
This module implements a mechanism described in [XEP-0484: Fast Authentication Streamlining Tokens] via which clients can exchange a |
70fa3f8de249
mod_sasl2_fast: Update reference to now published XEP-0484 (thanks gooya)
Kim Alvefur <zash@zash.se>
parents:
5099
diff
changeset
|
11 |
password for a secure token, improving security and streamlining future reconnections. |
5096 | 12 |
|
13 |
This module depends on [mod_sasl2]. |
|
14 |
||
15 |
## Configuration |
|
16 |
||
17 |
| Name | Description | Default | |
|
18 |
|---------------------------|--------------------------------------------------------|-----------------------| |
|
19 |
| sasl2_fast_token_ttl | Default token expiry (seconds) | `86400*21` (21 days) | |
|
20 |
| sasl2_fast_token_min_ttl | Time before tokens are eligible for rotation (seconds) | `86400` (1 day) | |
|
21 |
||
22 |
The `sasl2_fast_token_ttl` option determines the length of time a client can |
|
23 |
remain disconnected before being "logged out" and needing to authenticate with |
|
24 |
a password. Clients must perform at least one FAST authentication within this |
|
25 |
period to remain active. |
|
26 |
||
27 |
The `sasl2_fast_token_min_ttl` option defines how long before a token will be |
|
28 |
rotated by the server. By default a token is rotated if it is older than 24 |
|
29 |
hours. This value should be less than `sasl2_fast_token_ttl` to prevent |
|
30 |
clients being logged out unexpectedly. |