[BACK]Return to Domain_Configuration_LangTZAuth.tex CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom / html / adm / help / tex
File:  [LON-CAPA] / loncom / html / adm / help / tex / Domain_Configuration_LangTZAuth.tex
Revision 1.11: download - view: text, annotated - select for diffs
Thu Mar 30 02:07:20 2017 UTC (7 years, 4 months ago) by raeburn
Branches: MAIN
CVS tags: version_2_11_2_uiuc, version_2_11_2_msu, version_2_11_2_educog, version_2_11_2, HEAD
- Document domain configuration for internal authentication using bcrypt
  to encrypt a user's password.

    1: \label{Domain_Configuration_LangTZAuth}
    2: Prior to LON-CAPA 2.7, default language and authentication type/argument
    3: were defined in the domain's entry in the domain.tab file. Those settings
    4: will continue to be used by servers in your domain until you have
    5: displayed and saved the Default authentication, language, timezone data
    6: table. Once that has been done, whenever values need to be determined
    7: for these settings in the domain they will be retrieved from the configuration.db
    8: file on the primary library server in your domain, which is where
    9: information saved from the {}``Domain Configuration'' data tables
   10: is stored. Any information in the domain.tab file will no longer be
   11: consulted, except by servers running pre-2.7 versions of LON-CAPA.
   12: 
   13: \textbf{Default domain configurations} can be assigned for: 
   14: 
   15: \begin{itemize}
   16: \item \textit{default language} used by users in your domain, unless overridden by
   17: a user preference
   18: \item \textit{default authentication type} for new users in the domain. You will
   19: need to set the default authentication if you intend to allow a user
   20: to create a LON-CAPA account if the user successfully authenticated
   21: via a central service at your institution (e.g., Kerberos), but is
   22: without a LON-CAPA account. The default authentication is also the
   23: default offered when Course Coordinators or Authors create new accounts,
   24: assuming user creation is permitted in these contexts.
   25: \item \textit{default timezone} - this will be the timezone used when showing any
   26: times in your domain, unless overridden at a course level, by a course-wide
   27: timezone. The timezones available are mostly in the form Continent/City,
   28: although for the USA there are some in the form America/State/City
   29: as well as EST5EDT, CST6CDT, MST7MDT, PST8PDT and HST (for Eastern,
   30: Central, Mountain, Pacific and Hawaii Timezones, which adjust for
   31: daylight savings as appropriate). If no default timezone is set times
   32: will be displayed according to the timezone of the server hosting
   33: the user's LON-CAPA session.
   34: \item \textit{portal/default URL} - starting with LON-CAPA 2.10, a default URL can
   35: be specified.  This URL will be included in e-mail sent to confirm self-enrollment etc.
   36: and might be for a load-balancer LON-CAPA server, or in the case of a multi-domain server,
   37: for a specific alias used for the domain.
   38: \end{itemize}
   39: 
   40: \textbf{Domain settings for internal authentication} can also be set via the same screen.
   41: 
   42: \begin{itemize}
   43: \item \textit{Encryption cost for bcrypt} (positive integer). Starting with 2.11.2, 
   44: bcrypt is used to encrypt the password for an internally authenticated user.
   45: The complexity of the encryption is determined by the bcrypt cost value. A higher 
   46: value means more complexity (and more time to validate a user's password). The
   47: cost needs to be a positive integer. If no value is set in a domain, a default
   48: of 10 will be used.
   49: \item \textit{Check bcrypt cost if authenticated}. When an internally authenticated user
   50: logins and the credentials are validated, the bcrypt cost used for the original
   51: encryption can be compared with the current domain default. If the cost for
   52: the stored encryption is less than the current domain setting, there are two 
   53: options - either allow login and update the stored encryption using the higher cost,
   54: or disallow login.  The default is not to compare the original cost with the
   55: current domain setting.
   56: \item \textit{Existing crypt-based switched to bcrypt if authenticated}. When an internally 
   57: authenticated user logs-in and the credentials are validated, if the stored
   58: credentials are currently encrypted with crypt, there is an option to update
   59: the stored encryption to use bcrypt, with or without backing-up the existing passwd
   60: file to a passwd.bak file.  The default is not to update the stored passwd file,
   61: so existing users who have crypt-based stored passwords will continue to do so 
   62: until such time as they change their password.
   63: \end{itemize}
   64: 
   65: \textbf{Institutional user types} can also be defined for the domain via the same screen.
   66: 
   67: Prior to LON-CAPA 2.11, institutional user types were defined in the \&inst\_usertypes
   68: subroutine in localenroll.pm, which would be customized for consistency with types 
   69: defined in institutional data feeds.  Setting of user types via the Domain Configuration
   70: web GUI supersedes use of localenroll::inst\_usertypes().  Items that can be set are:
   71: 
   72: \begin{itemize}
   73: \item \textit{Internal ID} (e.g., faculty)
   74: \item \textit{Name Displayed} (e.g., Faculty/Academic Staff)
   75: \item \textit{Order} (Listing order, 1 through N, when the type is to be selected from a list).
   76: \item \textit{Assignment to ``email-based'' usernames} Whether status type can also be assigned to a non-institutional user with an e-mail address as username
   77: \end{itemize}
   78:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>