forked from jsxc/xmpp-cloud-auth
-
Notifications
You must be signed in to change notification settings - Fork 0
/
xcauth.conf
95 lines (81 loc) · 2.84 KB
/
xcauth.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# Example xcauth.py configuration file
#
# Preferably put this in /etc,
# and make it readable only for the user the XMPP server is running under
# Type: ejabberd or prosody
#
#type=ejabberd
#type=prosody
# Secret: API token
# Shown in the Nextcloud JSXC administration settings
#
# :warning: The real secret must not fall into the wrong hands!
# Anyone knowing it can authenticate as any user to the XMPP server.
#
#secret=0123456789ABCDEF
# URL: Where JSXC for Nextcloud (>=3.2.0) can be queried
# Shown in the Nextcloud JSXC administration settings
#
#url=https://example.org/index.php/apps/ojsxc/ajax/externalApi.php
# Request timeout
# The timeout to apply for both the connection setup and awaiting
# a response, each.
#
timeout=5
# Dynamic database of additional domains
# Only necessary if you plan dynamically host additional domains.
# If this is unset, dynamic domain support is disabled.
# Please ensure that the containing directory is writable by the xcauth user.
#
#domain-db=/var/lib/xcauth/dynamic-domains.db
# Log: Log directory
# In this directory, xcauth.{log,err} will be created
#
#log=/var/log/ejabberd
#log=/var/log/prosody
log=/var/log/xcauth
# User caching: Cache database location
# Where to store a cache database to avoid queries.
# If this is unset, the user cache is disabled.
# Please ensure that the containing directory is writable by the xcauth user.
#
#cache-db=/var/cache/xcauth/user-cache.db
# User caching: TTL since last query
# Use cache entry if most recent query is not older than this timespan
# Time is measured in seconds, unless `s`, `m`, `h`, `d`, `w` is used
# as a suffix (seconds, minutes, hours, days, weeks, respectively).
#
cache-query-ttl=4h
# User caching: TTL since last verification
# Use cache entry if most recent verification against the backend is
# not older than this and has been queried at least once every
# `cache-query-ttl`. Time is measured as for `cache-query-ttl`
#
cache-verification-ttl=1d
# User caching: TTL when backend unreachable
# Use cache entry if the request to the backend files for a reason
# other than "password invalid". Then, independent of the other TTLs above,
# any verification younger than this time will be considered valid.
# Time is measured as for `cache-query-ttl`.
#
cache-unreachable-ttl=1w
# User caching: Password hashing complexity
# Hash passwords with 2^cache-bcrypt-rounds before storing (i.e., every
# increasing this parameter results in twice as much computation time,
# both for XMPP cloud auth and an attacker).
#
# The current default as of Summer 2017 is 12.
#
#cache-bcrypt-rounds=12
# Shared roster: ejabberdctl path
# Which ejabberdctl to use, and whether to use an ejabberctl at all.
# Default: none
#
#ejabberdctl=/opt/ejabberd/bin/ejabberdctl
# Shared roster: Database to consult
# Default: none
#
#shared-roster-db=/var/lib/xcauth/shared-roster.db
# Debug: Log more
#
#debug