diff options
author | Christoph Burschka | 2014-01-17 07:06:57 +0100 |
---|---|---|
committer | Christoph Burschka | 2014-01-17 07:06:57 +0100 |
commit | 12147303e7904ac442b816cd218981d3305c6165 (patch) | |
tree | 0d2cd1b2fab84a42ef33ef3f0f1f626af84c2e0b /plugins/session/README.md | |
parent | Big multiple-plugins patch (fixes #2). (diff) | |
download | ejabberd-auth-php-12147303e7904ac442b816cd218981d3305c6165.tar.gz |
Completed documentation
Diffstat (limited to 'plugins/session/README.md')
-rw-r--r-- | plugins/session/README.md | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/plugins/session/README.md b/plugins/session/README.md index 9c931cb..4cd4273 100644 --- a/plugins/session/README.md +++ b/plugins/session/README.md @@ -23,6 +23,38 @@ The control flow is like this: If it exists and hasn't expired yet, it confirms the authentication and the user is logged in without a password. +Installation +------------ + +This plugin uses a database table, described in the packaged install.sql file. +Install it with this command: + + cat ./install.sql | replace '{TAB}' '<tablename>' | \ + mysql -h <host> -D <db> -u <user> -p<password> + +Next, you need to configure the database connection both in the main configuration +file and in the local `./config.php` of this plugin. + +Finally, link the `www/rpc.php` file inside your website root somewhere inside +your forum's cookie domain and path (most forums set the path to `/`, so the +domain should be sufficient). + +Usage +----- + +Whenever you need to authenticate to ejabberd, make a POST request to the URL +that points at `www/rpc.php` with `salt` set to a reasonably random 16 character +value. + +If the client making the POST request has a valid session for the site you're +authenticating with, then you will receive a JSON-encoded response as follows: + + `{"user":"<user>","secret":"<secret>","time":"<time>"} + +From the point in `<time>` to however long you configured the timeout +(60 seconds are recommended), `<secret>` will be accepted as a password +by ejabberd for `<user>` on any domains you set up to use the session +plugin. Security Considerations ----------------------- |