summaryrefslogtreecommitdiff
path: root/doc/plugins/passwordauth.mdwn
blob: fe680a0f8543bb5867fb246dbc74c48740757b4f (plain)

[[!template id=plugin name=passwordauth core=1 author="[[Joey]]"]] [[!tag type/auth]]

This plugin lets ikiwiki prompt for a user name and password when logging into the wiki. It also handles registering users, resetting passwords, and changing passwords in the prefs page.

It is enabled by default, but can be turned off if you want to only use some other form of authentication, such as [[httpauth]] or [[openid]].

When the account_creation_password configuration option is enabled with a password, this plugin prompts for the password when creating an account as a simplistic anti-spam measure. (Some wikis edited by a particular group use an account creation password as an "ask an existing member to get an account" system.)

password storage

Users' passwords are stored in the .ikiwiki/userdb file, which needs to be kept safe to prevent exposure of passwords. If the [[!cpan Authen::Passphrase]] perl module is installed, only hashes of the passwords will be stored. This is strongly recommended.

The password_cost configuration option can be used to make the stored password hashes be more difficult to brute force, at the expense of also taking more time to check a password when a user logs into the wiki. The default value is 8, max value is (currently) 31, and each step doubles the time required.

So if you're worried about your password files leaking and being cracked, you can increase the password_cost and make that harder. But a better choice might be to not deal with user passwords at all, and instead use [[openid]]!