<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>passwordauth</title> <meta name="viewport" content="width=device-width, initial-scale=1" /> <link rel="stylesheet" href="../style.css" type="text/css" /> <link rel="stylesheet" href="../local.css" type="text/css" /> </head> <body> <div class="page"> <div class="pageheader"> <div class="header"> <span> <span class="parentlinks"> <a href="../index.html">ikiwiki</a>/ <a href="../plugins.html">plugins</a>/ </span> <span class="title"> passwordauth </span> </span> </div> </div> <div id="pagebody"> <div id="content" role="main"> <p><span class="infobox"> Plugin: passwordauth<br /> Author: <span class="createlink">Joey</span><br /> Included in ikiwiki: yes<br /> Enabled by default: yes<br /> Included in <a href="./goodstuff.html">goodstuff</a>: no<br /> Currently enabled: yes<br /> </span></p> <p>This plugin lets ikiwiki prompt for a user name and password when logging into the wiki. It also handles registering users, resetting passwords, and changing passwords in the prefs page.</p> <p>It is enabled by default, but can be turned off if you want to only use some other form of authentication, such as <a href="./httpauth.html">httpauth</a> or <a href="./openid.html">openid</a>.</p> <p>When the <code>account_creation_password</code> configuration option is enabled with a password, this plugin prompts for the password when creating an account as a simplistic anti-spam measure. (Some wikis edited by a particular group use an account creation password as an "ask an existing member to get an account" system.)</p> <h2>password storage</h2> <p>Users' passwords are stored in the <code>.ikiwiki/userdb</code> file, which needs to be kept safe to prevent exposure of passwords. If the <a href="http://search.cpan.org/search?mode=dist&query=Authen%3A%3APassphrase">Authen::Passphrase</a> perl module is installed, only hashes of the passwords will be stored. This is strongly recommended.</p> <p>The <code>password_cost</code> configuration option can be used to make the stored password hashes be more difficult to brute force, at the expense of also taking more time to check a password when a user logs into the wiki. The default value is 8, max value is (currently) 31, and each step <em>doubles</em> the time required.</p> <p>So if you're worried about your password files leaking and being cracked, you can increase the <code>password_cost</code> and make that harder. But a better choice might be to not deal with user passwords at all, and instead use <a href="./openid.html">openid</a>!</p> </div> </div> <div id="footer" class="pagefooter" role="contentinfo"> <div id="pageinfo"> <div class="tags"> Tags: <a href="./type/core.html" rel="tag">plugins/type/core</a> <a href="./type/auth.html" rel="tag">type/auth</a> </div> <div id="backlinks"> Links: <a href="./contrib/unixauth.html">contrib/unixauth</a> <a href="./emailauth.html">emailauth</a> <a href="./openid.html">openid</a> <a href="../security.html">security</a> </div> <div class="pagedate"> Last edited <span class="date">Tue Feb 26 23:01:54 2019</span> <!-- Created <span class="date">Tue Feb 26 23:01:54 2019</span> --> </div> </div> <!-- from ikiwiki --> </div> </div> </body> </html>