open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

doc(auth): Warn about disabled token passwords and LDAP logout

Browse Source 
Auth tokens store the user's login password by default. If the password
changes externally (on LDAP), all connected clients stop syncing after 5
minutes max when the password is verified the next time. A web login
revivess those app passwords.

If storing the password is disabled, the tokens continue to work after
password change. But that also means the clients are not logged out the
same way. This can be fine for some setups and problematic for others.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
pull/37678/head
Christoph Wurst 3 years ago
parent a05176a1f5
commit 20c65227d2
No known key found for this signature in database
GPG Key ID: CC42AC2A7F0E56D8
1 changed files with 4 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      config/config.sample.php

4
config/config.sample.php
Unescape View File

@ -347,6 +347,10 @@ $CONFIG = [
* characters).
*
* By default, the passwords are stored encrypted in the database.
*
* WARNING: If disabled, password changes on the user back-end (e.g. on LDAP) no
* longer log connected clients out automatically. Users can still disconnect
* the clients by deleting the app token from the security settings.
*/
'auth.storeCryptedPassword' => true,

Write Preview
Loading…
Cancel
Save