summaryrefslogtreecommitdiff
path: root/doc/plugins
diff options
context:
space:
mode:
authorJoey Hess <joey@kodama.kitenet.net>2008-05-29 15:17:19 -0400
committerJoey Hess <joey@kodama.kitenet.net>2008-05-29 15:17:19 -0400
commit4152dca09e6a7d9b0da81cb5ac6f76e8f05d2a23 (patch)
treecc982e849a97ea7d4105dda3e3ae5ce4462b0775 /doc/plugins
parent774a5f86b2fa8dcbc561c50901cf655711e836dc (diff)
documentation for use of hashed passwords
Everything but the actual coding to support them.
Diffstat (limited to 'doc/plugins')
-rw-r--r--doc/plugins/passwordauth.mdwn22
1 files changed, 19 insertions, 3 deletions
diff --git a/doc/plugins/passwordauth.mdwn b/doc/plugins/passwordauth.mdwn
index 5e3dbfbaf..13acfe2d1 100644
--- a/doc/plugins/passwordauth.mdwn
+++ b/doc/plugins/passwordauth.mdwn
@@ -2,16 +2,32 @@
[[tag type/auth]]
This plugin lets ikiwiki prompt for a user name and password when logging
-into the wiki. It also handles registering users, mailing passwords, and
+into the wiki. It also handles registering users, resetting passwords, and
changing passwords in the prefs page.
It is enabled by default, but can be turned off if you want to only use
some other form of authentication, such as [[httpauth]] or [[openid]].
When the `account_creation_password` configuration option is enabled with
-a pass-phrase, this plugin prompts for the password when creating an
-account as a implistic anti-spam measure.
+a password, this plugin prompts for the password when creating an
+account as a simplistic anti-spam measure.
(Some wikis edited by a particular group use an account creation password
as an "ask an existing member to get an account" system.)
+## password storage
+Users' passwords are stored in the `.ikiwiki/userdb` file, which needs to
+be kept safe to prevent exposure of passwords. If the
+[[Authen::Passphrase]] perl module is installed, only hashes of the
+passwords will be stored. This is strongly recommended.
+
+The `password_cost` configuration option can be used to make the stored
+password hashes be more difficult to brute force, at the expense of also
+taking more time to check a password when a user logs into the wiki. The
+default value is 8, max value is (currently) 31, and each step *doubles*
+the time required.
+
+So if you're worried about your password files leaking and being cracked,
+you can increase the `password_cost` and make that harder. But a better
+choice might be to not deal with user passwords at all, and instead use
+[[openid]]!