diff options
author | http://schmonz.livejournal.com/ <http://schmonz.livejournal.com/@web> | 2008-07-30 15:11:47 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2008-07-30 15:11:47 -0400 |
commit | fd160168332e90569f0f87b573a39687797c3fcd (patch) | |
tree | 1deea49194f331f7bfea433db0ca13d458742848 /doc | |
parent | bd5f94d2ac85d6fb5d60400345fe41b91f2d303c (diff) |
s/sslrequire/requiressl/g
Diffstat (limited to 'doc')
-rw-r--r-- | doc/plugins/contrib/unixauth.mdwn | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/plugins/contrib/unixauth.mdwn b/doc/plugins/contrib/unixauth.mdwn index 1917a242d..2de6fc51f 100644 --- a/doc/plugins/contrib/unixauth.mdwn +++ b/doc/plugins/contrib/unixauth.mdwn @@ -9,8 +9,8 @@ Config variables that affect the behavior of `unixauth`: * `unixauth_type`: defaults to unset, can be "checkpassword" or "pwauth" * `unixauth_command`: defaults to unset, should contain the full path and any arguments -* `unixauth_sslrequire`: defaults to 1, can be 0 -* `sslcookie`: needs to be 1 if `unixauth_sslrequire` is 1 (perhaps this should be done automatically?) +* `unixauth_requiressl`: defaults to 1, can be 0 +* `sslcookie`: needs to be 1 if `unixauth_requiressl` is 1 (perhaps this should be done automatically?) __Security__: [As with passwordauth](/security/#index14h2), be wary of sending usernames and passwords in cleartext. Unlike passwordauth, sniffing `unixauth` credentials can get an attacker much further than mere wiki access. Therefore, this plugin defaults to not even _displaying_ the login form fields unless we're running under SSL. Nobody should be able to do anything remotely dumb until the admin has done at least a little thinking. After that, dumb things are always possible. ;-) |