4848 | 13 Jun 18 | nicklas
##
## Configuration file for the OTP login extension
## (should be placed in the WEB-INF/classes directory)
## Modifications are detected and reloaded automatically
## without restarting the server.
##

## The master password is used for encrypting the secret keys
## given out to each user that has enabled OTP. The password
## MUST be configured before the use of this extension and
## can't be changed later. If the master password really needs
## to be changed then the Users.otp_secretkey column in the
## database needs to be nullified for all users. All users must
## then re-configure their OTP setup before they can log in again.
master-password = CHANGE_ME_ONCE_BEFORE_INSTALLATION

## It is possible to log in with username and OTP only (otp-only)
## or with username, password and OTP (otp+password)
## The default is 'otp+password'
# login-method = otp+password
# login-method = otp-only

## Comma- or whitespace-separated list of application ids
## that should NEVER use OTP for login. For example,
## it is recommended that OTP is disabled for the
## FTP Server extension if that is installed.
# no-otp = net.sf.basedb.clients.ftp

## Comma- or whitespace-separated list of application ids
## that MUST use OTP for login. User accounts that
## have not been configured with an OTP will not be able to
## log in with the clients (not even the ROOT user!).
# require-otp = net.sf.basedb.clients.web

## Comma- or whitespace-separated list of other authentication
## methods that are allowed even if a user account has been
## configured to log in with OTP. If not specified, user
## accounts that have configured OTP MUST use OTP. This setting
## doesn't affect user accounts without OTP.
## For example: use 'password' to allow users to log in with regular
## username and password, or use '*' as a wildcard to allow all
## other authentication methods. Note that this setting doesn't
## override the 'no-otp' or 'require-otp' settings.
# allow-other-authentication =
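
An added example, not part of the extension or of the original file: a small Python lint that reads this configuration and reports the settings the comments above single out (placeholder master password, `otp-only`, `allow-other-authentication`, and an id present in both `no-otp` and `require-otp`). The function names, finding texts and sample values are assumptions for illustration; the file does not say how an id listed in both lists is resolved, so the script only reports the overlap.

```python
import re

PLACEHOLDER = "CHANGE_ME_ONCE_BEFORE_INSTALLATION"  # value shipped in the template

def parse(text):
    """Parse the 'key = value' subset this file uses; '#' lines are comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def ids(value):
    """Split a comma- or whitespace-separated list into a set."""
    return {v for v in re.split(r"[,\s]+", value or "") if v}

def audit(text):
    """Return (setting, finding) pairs for values that deserve a review."""
    p, out = parse(text), []
    if p.get("master-password", "") in ("", PLACEHOLDER):
        out.append(("master-password", "unset or still the template placeholder"))
    method = p.get("login-method", "otp+password")  # default stated in the file
    if method == "otp-only":
        out.append(("login-method", "otp-only: login needs no password"))
    elif method != "otp+password":
        out.append(("login-method", "unrecognised value " + repr(method)))
    other = ids(p.get("allow-other-authentication"))
    if "*" in other:
        out.append(("allow-other-authentication", "wildcard: OTP users may use any other method"))
    elif other:
        out.append(("allow-other-authentication", "OTP users may also use: " + ", ".join(sorted(other))))
    for app in sorted(ids(p.get("no-otp")) & ids(p.get("require-otp"))):
        out.append(("no-otp/require-otp", app + " is in both lists"))
    return out

# Constructed sample, not a real deployment's file.
SAMPLE = """\
master-password = CHANGE_ME_ONCE_BEFORE_INSTALLATION
login-method = otp-only
no-otp = net.sf.basedb.clients.ftp, net.sf.basedb.clients.web
require-otp = net.sf.basedb.clients.web
allow-other-authentication = password
"""

if __name__ == "__main__":
    for setting, finding in audit(SAMPLE):
        print(f"{setting}: {finding}")
```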