Update documentation (#695)
This commit is contained in:
parent
3cdae47735
commit
ea36359463
@ -387,8 +387,21 @@ ignoreregex =
<p>
Restart fail2ban
</p>
</div>
<!-- SECTION "Fail2ban" [6753-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "Fail2ban" [6753-7806] -->
<h2><a name="sessions_identifier" id="sessions_identifier">Sessions identifier</a></h2>
<div class="level2">
<p>
You can change the module used for sessions identifier generation. To do, add <code>generateModule</code> key in the configured session backend options.
</p>
<p>
We recommend the use of <code>Lemonldap::NG::Common::Apache::Session::Generate::SHA256</code>.
</p>
</div>
<!-- SECTION "Sessions identifier" [7807-] --></div><!-- closes <div class="dokuwiki export">-->
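Review bot: the new Sessions identifier section tells the reader to add the generateModule key but never says why the default module should be replaced; the Security hunk in this same commit gives the reason (the default identifier generation is simple enough to be brute-forced, LEMONLDAP-695), so either repeat that in one sentence here or link to the Security section, otherwise an administrator reading the configuration page sees a recommendation with no risk attached. Two smaller points: "To do, add" should read "To do so, add", and this paragraph could also mention the IDLength option documented elsewhere in this commit (max is 64 for SHA256), since it lives in the same backend options block.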
@ -49,7 +49,13 @@ To configure sessions, go in Manager, <code>General Parameters</code> » <code>S
<ul>
<li class="level1"><div class="li"> <strong>Opening conditions</strong>: rules which are evaluated before granting session. If a user does not comply with any condition, he is prompted a customized message. That message can contain session data as user attributes or macros. The conditions are checked in alphabetical order of comments.</div>
</li>
<li class="level1"><div class="li"> <strong>Sessions Storage</strong>: see <a href="../../documentation/1.4/start.html#sessions_database" class="wikilink1" title="documentation:1.4:start">sessions database configuration</a>.</div>
<li class="level1"><div class="li"> <strong>Sessions Storage</strong>: you can define here which session backend to use, with the backend options. See <a href="../../documentation/1.4/start.html#sessions_database" class="wikilink1" title="documentation:1.4:start">sessions database configuration</a> to know which modules you can use. Here are some global options that you can use with all sessions backends:</div>
<ul>
<li class="level2"><div class="li"> <strong>generateModule</strong>: allows to override the default module that generates sessions identifiers. For security reasons, we recommend to use Lemonldap::NG::Common::Apache::Session::Generate::SHA256</div>
</li>
<li class="level2"><div class="li"> <strong>IDLength</strong>: length of sessions identifiers. Max is 32 for MD5 and 64 for SHA256</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong>Multiple sessions</strong>, you can restrict the number of open sessions:</div>
<ul>
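Review bot: the new generateModule bullet recommends the SHA256 module "for security reasons", but neither bullet names the current default generate module or the default IDLength, so an administrator cannot tell from this list whether an unmodified installation is affected; please state the default values next to the recommendation. Wording: "allows to override" should read "allows overriding", and "we recommend to use" should read "we recommend using".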
@ -136,8 +136,21 @@ PerlHeaderParserHandler Lemonldap::NG::Handler::Specific::SympaAutoLogin
<p>
</div></p>
</p>
</div>
<!-- SECTION "Specific handlers" [853-] --></div><!-- closes <div class="dokuwiki export">-->
<!-- SECTION "Specific handlers" [853-1626] -->
<h2><a name="security" id="security">Security</a></h2>
<div class="level2">
<p>
We found that the default session identifier generation may be too simple and can allow to do brute force attack to find a valid session identifier (see <a href="https://jira.ow2.org/browse/LEMONLDAP-695" class="urlextern" title="https://jira.ow2.org/browse/LEMONLDAP-695" rel="nofollow">https://jira.ow2.org/browse/LEMONLDAP-695</a>).
</p>
<p>
We recommend that you use a new generate module. Add <code>generateModule</code> key inside your sessions backend options and use <code>Lemonldap::NG::Common::Apache::Session::Generate::SHA256</code> as value.
</p>
</div>
<!-- SECTION "Security" [1627-] --></div><!-- closes <div class="dokuwiki export">-->
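Review bot: the Security section tells administrators to switch to the SHA256 generate module but does not say whether sessions already created with the default module need to be invalidated after the change; please state it either way, since the point of the section is that identifiers from the old generator are guessable. Wording in the first paragraph: "can allow to do brute force attack to find a valid session identifier" should read "can allow a brute-force attack to find a valid session identifier". Unrelated but in the touched context: the markup "<p> ... </div></p> ... </p>" above the new heading closes a div and a paragraph that were not opened in this block, worth fixing while editing this file.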