2007-02-13 19:51:21 +01:00
|
|
|
[[template id=plugin name=passwordauth core=1 author="[[Joey]]"]]
|
2006-11-20 21:37:27 +01:00
|
|
|
[[tag type/auth]]
|
|
|
|
|
|
|
|
This plugin lets ikiwiki prompt for a user name and password when logging
|
2008-05-29 21:17:19 +02:00
|
|
|
into the wiki. It also handles registering users, resetting passwords, and
|
2006-11-20 21:37:27 +01:00
|
|
|
changing passwords in the prefs page.
|
|
|
|
|
|
|
|
It is enabled by default, but can be turned off if you want to only use
|
2007-02-26 09:46:27 +01:00
|
|
|
some other form of authentication, such as [[httpauth]] or [[openid]].
|
2008-01-16 17:14:33 +01:00
|
|
|
|
2008-01-16 19:34:06 +01:00
|
|
|
When the `account_creation_password` configuration option is enabled with
|
2008-05-29 21:17:19 +02:00
|
|
|
a password, this plugin prompts for the password when creating an
|
|
|
|
account as a simplistic anti-spam measure.
|
2008-01-16 17:14:33 +01:00
|
|
|
(Some wikis edited by a particular group use an account creation password
|
|
|
|
as an "ask an existing member to get an account" system.)
|
|
|
|
|
2008-05-29 21:17:19 +02:00
|
|
|
## password storage
|
2008-01-16 17:14:33 +01:00
|
|
|
|
2008-05-29 21:17:19 +02:00
|
|
|
Users' passwords are stored in the `.ikiwiki/userdb` file, which needs to
|
|
|
|
be kept safe to prevent exposure of passwords. If the
|
2008-05-31 00:28:21 +02:00
|
|
|
[[cpan Authen::Passphrase]] perl module is installed, only hashes of the
|
2008-05-29 21:17:19 +02:00
|
|
|
passwords will be stored. This is strongly recommended.
|
|
|
|
|
|
|
|
The `password_cost` configuration option can be used to make the stored
|
|
|
|
password hashes be more difficult to brute force, at the expense of also
|
|
|
|
taking more time to check a password when a user logs into the wiki. The
|
|
|
|
default value is 8, max value is (currently) 31, and each step *doubles*
|
|
|
|
the time required.
|
|
|
|
|
|
|
|
So if you're worried about your password files leaking and being cracked,
|
|
|
|
you can increase the `password_cost` and make that harder. But a better
|
|
|
|
choice might be to not deal with user passwords at all, and instead use
|
|
|
|
[[openid]]!
|