Mercurial Mercurial > prosody > prosody-modules / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_sasl2_fast/README.md
author Kim Alvefur <zash@zash.se>
Sat, 30 Mar 2024 15:10:51 +0100
changeset 5881 70fa3f8de249
parent 5099 745c7f4cca40
permissions -rw-r--r--
mod_sasl2_fast: Update reference to now published XEP-0484 (thanks gooya)
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
5096
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset 
     1
 
---
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset 
     2
 
labels:
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset 
     3
 
- Stage-Beta
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset 
     4
 
summary: "Fast Authentication Streamlining Tokens"
5099
745c7f4cca40 mod_sasl2_fast: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents: 5096
diff changeset 
     5
 
rockspec:
745c7f4cca40 mod_sasl2_fast: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents: 5096
diff changeset 
     6
 
  dependencies:
745c7f4cca40 mod_sasl2_fast: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents: 5096
diff changeset 
     7
 
  - mod_sasl2
5096
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset 
     8
 
---
6594e7a9a174 mod_sasl2_fast: Add README
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset 
     9
 







5881






70fa3f8de249
mod_sasl2_fast: Update reference to now published XEP-0484 (thanks gooya)



Kim Alvefur <zash@zash.se>


parents: 
5099

diff
changeset




    10


This module implements a mechanism described in [XEP-0484: Fast Authentication Streamlining Tokens] via which clients can exchange a












70fa3f8de249
mod_sasl2_fast: Update reference to now published XEP-0484 (thanks gooya)



Kim Alvefur <zash@zash.se>


parents: 
5099

diff
changeset




    11


password for a secure token, improving security and streamlining future reconnections.







5096






6594e7a9a174
mod_sasl2_fast: Add README



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    12














6594e7a9a174
mod_sasl2_fast: Add README



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    13


This module depends on [mod_sasl2].












6594e7a9a174
mod_sasl2_fast: Add README



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    14














6594e7a9a174
mod_sasl2_fast: Add README



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    15


## Configuration












6594e7a9a174
mod_sasl2_fast: Add README



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    16














6594e7a9a174
mod_sasl2_fast: Add README



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    17


| Name                      | Description                                            | Default               |












6594e7a9a174
mod_sasl2_fast: Add README



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    18


|---------------------------|--------------------------------------------------------|-----------------------|












6594e7a9a174
mod_sasl2_fast: Add README



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    19


| sasl2_fast_token_ttl      | Default token expiry (seconds)                         | `86400*21` (21 days)  |












6594e7a9a174
mod_sasl2_fast: Add README



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    20


| sasl2_fast_token_min_ttl  | Time before tokens are eligible for rotation (seconds) | `86400` (1 day)       |












6594e7a9a174
mod_sasl2_fast: Add README



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    21














6594e7a9a174
mod_sasl2_fast: Add README



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    22


The `sasl2_fast_token_ttl` option determines the length of time a client can












6594e7a9a174
mod_sasl2_fast: Add README



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    23


remain disconnected before being "logged out" and needing to authenticate with












6594e7a9a174
mod_sasl2_fast: Add README



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    24


a password. Clients must perform at least one FAST authentication within this












6594e7a9a174
mod_sasl2_fast: Add README



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    25


period to remain active.












6594e7a9a174
mod_sasl2_fast: Add README



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    26














6594e7a9a174
mod_sasl2_fast: Add README



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    27


The `sasl2_fast_token_min_ttl` option defines how long before a token will be












6594e7a9a174
mod_sasl2_fast: Add README



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    28


rotated by the server. By default a token is rotated if it is older than 24












6594e7a9a174
mod_sasl2_fast: Add README



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    29


hours. This value should be less than `sasl2_fast_token_ttl` to prevent












6594e7a9a174
mod_sasl2_fast: Add README



Matthew Wild <mwild1@gmail.com>


parents: 

diff
changeset




    30


clients being logged out unexpectedly.














prosody-modules