ikiwiki/doc/plugins/passwordauth.mdwn

[[!template id=plugin name=passwordauth core=1 author="[[Joey]]"]]
[[!tag type/auth]]

This plugin lets ikiwiki prompt for a user name and password when logging
into the wiki. It also handles registering users, resetting passwords, and
changing passwords in the prefs page.

It is enabled by default, but can be turned off if you want to only use
some other form of authentication, such as [[httpauth]] or [[openid]].

When the `account_creation_password` configuration option is enabled with
a password, this plugin prompts for the password when creating an
account as a simplistic anti-spam measure.
(Some wikis edited by a particular group use an account creation password
as an "ask an existing member to get an account" system.)

## password storage

Users' passwords are stored in the `.ikiwiki/userdb` file, which needs to
be kept safe to prevent exposure of passwords. If the
[[!cpan Authen::Passphrase]] perl module is installed, only hashes of the
passwords will be stored. This is strongly recommended.

The `password_cost` configuration option can be used to make the stored
password hashes be more difficult to brute force, at the expense of also
taking more time to check a password when a user logs into the wiki. The
default value is 8, max value is (currently) 31, and each step *doubles*
the time required.

So if you're worried about your password files leaking and being cracked,
you can increase the `password_cost` and make that harder. But a better
choice might be to not deal with user passwords at all, and instead use
[[openid]]!
Migrate doc/plugins via prefix_directives This is a partial commit of: egrep -rl '\[\[[a-z]+ ' doc \| xargs --max-args 1 ./ikiwiki-transition prefix_directives 2008-07-21 13:31:57 +02:00			`[[!template id=plugin name=passwordauth core=1 author="[[Joey]]"]]`
			`[[!tag type/auth]]`
* Add "last" parameter to hook function. Very basic ordering, and hopefully nothing more spohisticated will be needed. * Add formbuilder_setup and formbuilder hooks. * Split out a passwordauth module, that holds all the traditional password based authentication etc code. It's enabled by default, but can be disabled if you want only openid or some other auth method. 2006-11-20 21:37:27 +01:00
			`This plugin lets ikiwiki prompt for a user name and password when logging`
documentation for use of hashed passwords Everything but the actual coding to support them. 2008-05-29 21:17:19 +02:00			`into the wiki. It also handles registering users, resetting passwords, and`
* Add "last" parameter to hook function. Very basic ordering, and hopefully nothing more spohisticated will be needed. * Add formbuilder_setup and formbuilder hooks. * Split out a passwordauth module, that holds all the traditional password based authentication etc code. It's enabled by default, but can be disabled if you want only openid or some other auth method. 2006-11-20 21:37:27 +01:00			`changing passwords in the prefs page.`

			`It is enabled by default, but can be turned off if you want to only use`
web commit by JoshTriplett: mention httpauth plugin. 2007-02-26 09:46:27 +01:00			`some other form of authentication, such as [[httpauth]] or [[openid]].`
web commit by JeremyReed: Document account_creation_password -- some of this text taken from original todo. 2008-01-16 17:14:33 +01:00
improve formatting and minor reword 2008-01-16 19:34:06 +01:00			When the `account_creation_password` configuration option is enabled with
documentation for use of hashed passwords Everything but the actual coding to support them. 2008-05-29 21:17:19 +02:00			`a password, this plugin prompts for the password when creating an`
			`account as a simplistic anti-spam measure.`
web commit by JeremyReed: Document account_creation_password -- some of this text taken from original todo. 2008-01-16 17:14:33 +01:00			`(Some wikis edited by a particular group use an account creation password`
			`as an "ask an existing member to get an account" system.)`

documentation for use of hashed passwords Everything but the actual coding to support them. 2008-05-29 21:17:19 +02:00			`## password storage`
web commit by JeremyReed: Document account_creation_password -- some of this text taken from original todo. 2008-01-16 17:14:33 +01:00
documentation for use of hashed passwords Everything but the actual coding to support them. 2008-05-29 21:17:19 +02:00			Users' passwords are stored in the `.ikiwiki/userdb` file, which needs to
			`be kept safe to prevent exposure of passwords. If the`
Migrate doc/plugins via prefix_directives This is a partial commit of: egrep -rl '\[\[[a-z]+ ' doc \| xargs --max-args 1 ./ikiwiki-transition prefix_directives 2008-07-21 13:31:57 +02:00			`[[!cpan Authen::Passphrase]] perl module is installed, only hashes of the`
documentation for use of hashed passwords Everything but the actual coding to support them. 2008-05-29 21:17:19 +02:00			`passwords will be stored. This is strongly recommended.`

			The `password_cost` configuration option can be used to make the stored
			`password hashes be more difficult to brute force, at the expense of also`
			`taking more time to check a password when a user logs into the wiki. The`
			`default value is 8, max value is (currently) 31, and each step doubles`
			`the time required.`

			`So if you're worried about your password files leaking and being cracked,`
			you can increase the `password_cost` and make that harder. But a better
			`choice might be to not deal with user passwords at all, and instead use`
			`[[openid]]!`