s/sslrequire/requiressl/g
http://schmonz.livejournal.com/
Joey Hess
parent
bd5f94d2ac
commit
fd16016833
|
|
@ -9,8 +9,8 @@ Config variables that affect the behavior of `unixauth`:
|
||||||
|
|
||||||
* `unixauth_type`: defaults to unset, can be "checkpassword" or "pwauth"
|
* `unixauth_type`: defaults to unset, can be "checkpassword" or "pwauth"
|
||||||
* `unixauth_command`: defaults to unset, should contain the full path and any arguments
|
* `unixauth_command`: defaults to unset, should contain the full path and any arguments
|
||||||
* `unixauth_sslrequire`: defaults to 1, can be 0
|
* `unixauth_requiressl`: defaults to 1, can be 0
|
||||||
* `sslcookie`: needs to be 1 if `unixauth_sslrequire` is 1 (perhaps this should be done automatically?)
|
* `sslcookie`: needs to be 1 if `unixauth_requiressl` is 1 (perhaps this should be done automatically?)
|
||||||
|
|
||||||
__Security__: [As with passwordauth](/security/#index14h2), be wary of sending usernames and passwords in cleartext. Unlike passwordauth, sniffing `unixauth` credentials can get an attacker much further than mere wiki access. Therefore, this plugin defaults to not even _displaying_ the login form fields unless we're running under SSL. Nobody should be able to do anything remotely dumb until the admin has done at least a little thinking. After that, dumb things are always possible. ;-)
|
__Security__: [As with passwordauth](/security/#index14h2), be wary of sending usernames and passwords in cleartext. Unlike passwordauth, sniffing `unixauth` credentials can get an attacker much further than mere wiki access. Therefore, this plugin defaults to not even _displaying_ the login form fields unless we're running under SSL. Nobody should be able to do anything remotely dumb until the admin has done at least a little thinking. After that, dumb things are always possible. ;-)
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue