Annotation of loncom/html/adm/help/tex/Domain_Configuration_LangTZAuth.tex, revision 1.11
1.5 raeburn 1: \label{Domain_Configuration_LangTZAuth}
1.2 raeburn 2: Prior to LON-CAPA 2.7, default language and authentication type/argument
3: were defined in the domain's entry in the domain.tab file. Those settings
4: will continue to be used by servers in your domain until you have
1.10 raeburn 5: displayed and saved the Default authentication, language, timezone data
1.2 raeburn 6: table. Once that has been done, whenever values need to be determined
7: for these settings in the domain they will be retrieved from the configuration.db
8: file on the primary library server in your domain, which is where
1.3 raeburn 9: information saved from the {}``Domain Configuration'' data tables
1.2 raeburn 10: is stored. Any information in the domain.tab file will no longer be
11: consulted, except by servers running pre-2.7 versions of LON-CAPA.
1.1 raeburn 12:
1.11 ! raeburn 13: \textbf{Default domain configurations} can be assigned for:
1.1 raeburn 14:
15: \begin{itemize}
1.11 ! raeburn 16: \item \textit{default language} used by users in your domain, unless overridden by
1.2 raeburn 17: a user preference
1.11 ! raeburn 18: \item \textit{default authentication type} for new users in the domain. You will
1.2 raeburn 19: need to set the default authentication if you intend to allow a user
20: to create a LON-CAPA account if the user successfully authenticated
21: via a central service at your institution (e.g., Kerberos), but is
22: without a LON-CAPA account. The default authentication is also the
23: default offered when Course Coordinators or Authors create new accounts,
24: assuming user creation is permitted in these contexts.
1.11 ! raeburn 25: \item \textit{default timezone} - this will be the timezone used when showing any
1.2 raeburn 26: times in your domain, unless overridden at a course level, by a course-wide
27: timezone. The timezones available are mostly in the form Continent/City,
28: although for the USA there are some in the form America/State/City
29: as well as EST5EDT, CST6CDT, MST7MDT, PST8PDT and HST (for Eastern,
30: Central, Mountain, Pacific and Hawaii Timezones, which adjust for
1.4 raeburn 31: daylight savings as appropriate). If no default timezone is set times
1.6 raeburn 32: will be displayed according to the timezone of the server hosting
1.2 raeburn 33: the user's LON-CAPA session.
1.11 ! raeburn 34: \item \textit{portal/default URL} - starting with LON-CAPA 2.10, a default URL can
1.7 raeburn 35: be specified. This URL will be included in e-mail sent to confirm self-enrollment etc.
1.8 raeburn 36: and might be for a load-balancer LON-CAPA server, or in the case of a multi-domain server,
1.9 raeburn 37: for a specific alias used for the domain.
1.1 raeburn 38: \end{itemize}
1.9 raeburn 39:
1.11 ! raeburn 40: \textbf{Domain settings for internal authentication} can also be set via the same screen.
! 41:
! 42: \begin{itemize}
! 43: \item \textit{Encryption cost for bcrypt} (positive integer). Starting with 2.11.2,
! 44: bcrypt is used to encrypt the password for an internally authenticated user.
! 45: The complexity of the encryption is determined by the bcrypt cost value. A higher
! 46: value means more complexity (and more time to validate a user's password). The
! 47: cost needs to be a positive integer. If no value is set in a domain, a default
! 48: of 10 will be used.
! 49: \item \textit{Check bcrypt cost if authenticated}. When an internally authenticated user
! 50: logins and the credentials are validated, the bcrypt cost used for the original
! 51: encryption can be compared with the current domain default. If the cost for
! 52: the stored encryption is less than the current domain setting, there are two
! 53: options - either allow login and update the stored encryption using the higher cost,
! 54: or disallow login. The default is not to compare the original cost with the
! 55: current domain setting.
! 56: \item \textit{Existing crypt-based switched to bcrypt if authenticated}. When an internally
! 57: authenticated user logs-in and the credentials are validated, if the stored
! 58: credentials are currently encrypted with crypt, there is an option to update
! 59: the stored encryption to use bcrypt, with or without backing-up the existing passwd
! 60: file to a passwd.bak file. The default is not to update the stored passwd file,
! 61: so existing users who have crypt-based stored passwords will continue to do so
! 62: until such time as they change their password.
! 63: \end{itemize}
! 64:
! 65: \textbf{Institutional user types} can also be defined for the domain via the same screen.
1.9 raeburn 66:
67: Prior to LON-CAPA 2.11, institutional user types were defined in the \&inst\_usertypes
68: subroutine in localenroll.pm, which would be customized for consistency with types
69: defined in institutional data feeds. Setting of user types via the Domain Configuration
70: web GUI supersedes use of localenroll::inst\_usertypes(). Items that can be set are:
71:
72: \begin{itemize}
1.11 ! raeburn 73: \item \textit{Internal ID} (e.g., faculty)
! 74: \item \textit{Name Displayed} (e.g., Faculty/Academic Staff)
! 75: \item \textit{Order} (Listing order, 1 through N, when the type is to be selected from a list).
! 76: \item \textit{Assignment to ``email-based'' usernames} Whether status type can also be assigned to a non-institutional user with an e-mail address as username
1.9 raeburn 77: \end{itemize}
78:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>