author | Vivien Kraus <vivien@planete-kraus.eu> | 2021-07-30 21:10:21 +0200 |
---|---|---|
committer | Vivien Kraus <vivien@planete-kraus.eu> | 2021-08-01 15:25:08 +0200 |
commit | d8c2ca930673da858d63f2dea9526c259a2dd936 (patch) | |
tree | 74dc6f309123380bac8ccdff1c0eb7056602e5fb /doc/disfluid.texi | |
parent | 0367cbc75712f4be692a1ec3d37510cf2751ca3a (diff) |
Load the encrypted password from a file
This is more secure, because you can restrict the password file to be
only readable by the service user.
Diffstat (limited to 'doc/disfluid.texi')
-rw-r--r-- | doc/disfluid.texi | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/doc/disfluid.texi b/doc/disfluid.texi index bebc61b..d2558b4 100644 --- a/doc/disfluid.texi +++ b/doc/disfluid.texi @@ -190,8 +190,11 @@ because a malicious user could set the identity header. The identity provider can only handle one user. If you want to handle multiple users, it is highly advised to use a different host name for each user, in case the server is accessed from a web browser. You can -set the identity of the user with @samp{--subject}, and the user’s -password with @samp{--encrypted-password}. +set the identity of the user with @samp{--subject}, and write the +user’s password in a file. Pass the file name with +@samp{--encrypted-password-file}. You can pass the encrypted password +directly with @samp{--encrypted-password}, but the encrypted password +will be public. The encrypted password format is defined by the crypt function in the C library. For glibc, it looks like this: |
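Review bot: The new text around @samp{--encrypted-password-file} never tells the reader to restrict the file's permissions, although the commit message gives that as the reason for the option. Suggest adding a sentence saying the password file should be readable only by the service user. The closing clause "but the encrypted password will be public" is also vague: state to whom it is exposed and how (it is passed as a command-line argument), so readers can judge the risk of continuing to use @samp{--encrypted-password}.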