-
Notifications
You must be signed in to change notification settings - Fork 18
/
xcauth.conf
109 lines (96 loc) · 3.56 KB
/
xcauth.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# Example xcauth.py configuration file
#
# Preferably put this in /etc,
# and make it readable only for the user the XMPP server is running under
# Type: ejabberd, prosody (=generic), saslauthd, or postfix
#
#type=ejabberd
#type=prosody
type=generic
# Secret: API token
# Shown in the Nextcloud JSXC administration settings
#
# :warning: The real secret must not fall into the wrong hands!
# Anyone knowing it can authenticate as any user to the XMPP server.
#
#secret=0123456789ABCDEF
# URL: Where JSXC for Nextcloud (>=3.2.0) can be queried
# Shown in the Nextcloud JSXC administration settings
#
#url=https://example.org/index.php/apps/ojsxc/ajax/externalApi.php
# Request timeout
# The timeout to apply for both the connection setup and awaiting
# a response. If set to a tuple, the first value applies to connection
# setup only, the second for waiting for the response.
#
#timeout=5,10
# Database to use for additional information
# - When serving multiple domains
# - When wishing to cache user information
# (to reduce the load on Nextcloud and continue if it is unavailable shortly)
# (see [Database documentation](./doc/Database.md) for more information).
#
# Can be any path allowed by SQLite3, including the ':memory:' special value.
#
#db=/var/lib/xcauth/xcauth.sqlite3
# Log: Log directory
# In this directory, xcauth.{log,err} will be created
#
#log=/var/log/ejabberd
#log=/var/log/prosody
log=/var/log/xcauth
# User caching: Cache database/policy
# Where to store a cache database to avoid queries.
# - 'none' (default): Disable the cache
# - 'memory': Use an in-memory cache
# - 'db': Use the main db specified with `--db`
# (`--db=:memory:` and `--cache-storage=db` does not count as
# an in-memory database for the `--cache-bcrypt` logic below)
#
#cache-storage=none
# User caching: TTL since last query
# Use cache entry if most recent query is not older than this timespan
# Time is measured in seconds, unless `s`, `m`, `h`, `d`, `w` is used
# as a suffix (seconds, minutes, hours, days, weeks, respectively).
#
#cache-query-ttl=4h
# User caching: TTL since last verification
# Use cache entry if most recent verification against the backend is
# not older than this and has been queried at least once every
# `cache-query-ttl`. Time is measured as for `cache-query-ttl`
#
#cache-verification-ttl=1d
# User caching: TTL when backend unreachable
# Use cache entry if the request to the backend files for a reason
# other than "password invalid". Then, independent of the other TTLs above,
# any verification younger than this time will be considered valid.
# Time is measured as for `cache-query-ttl`.
#
#cache-unreachable-ttl=1w
# User caching: Password hashing complexity
# Hash passwords with 2^cache-bcrypt-rounds before storing (i.e., every
# increasing this parameter results in twice as much computation time,
# both for XMPP cloud auth and an attacker).
#
# If this is a tuple, the first value will be used for persistent,
# the second for in-memory databases (with `cache-storage=memory`).
#
# The current default for bcrypt of Summer 2018 is 12.
#
#cache-bcrypt-rounds=12,4
# Shared roster: ejabberdctl path
# Which ejabberdctl to use, and whether to use an ejabberctl at all.
# When set, updates *ejabberd* shared roster from the Nextcloud name
# and group information on each login.
#
# `xcejabberdctl` uses `sudo` and `/etc/sudoers.d/xcauth` to
# run as `ejabberdctl` as user `ejabberd`, and is the recommended
# way when run from `systemd`.
#
# Default: none (shared roster update disabled)
#
#ejabberdctl=/usr/sbin/ejabberdctl
#ejabberdctl=/usr/sbin/xcejabberdctl
# Debug: Log more
#
#debug