[%# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# This Source Code Form is "Incompatible With Secondary Licenses", as
# defined by the Mozilla Public License, v. 2.0.
#%]
[%
title = "User Authentication"
desc = "Set up your authentication policies"
%]
[% param_descs = {
auth_env_id => "Environment variable used by external authentication system " _
"to store a unique identifier for each user. Leave it blank " _
"if there isn't one or if this method of authentication " _
"is not being used.",
auth_env_email => "Environment variable used by external authentication system " _
"to store each user's email address. This is a required " _
"field for environmental authentication. Leave it blank " _
"if you are not going to use this feature.",
auth_env_realname => "Environment variable used by external authentication system " _
"to store the user's real name. Leave it blank if there " _
"isn't one or if this method of authentication is not being " _
"used.",
user_info_class => "Mechanism(s) to be used for gathering a user's login information.
More than one may be selected. If the first one returns nothing,
the second is tried, and so on.
The types are:
- CGI
-
Asks for username and password via CGI form interface.
- Env
-
Info for a pre-authenticated user is passed in system
environment variables.
",
user_verify_class => "Mechanism(s) to be used for verifying (authenticating) information
gathered by user_info_class.
More than one may be selected. If the first one cannot find the
user, the second is tried, and so on.
The types are:
- DB
-
${terms.Bugzilla}'s built-in authentication. This is the most common
choice.
- RADIUS
-
RADIUS authentication using a RADIUS server.
Please see the $terms.Bugzilla documentation for
more information.
Using this method requires
additional
parameters to be set.
- LDAP
-
LDAP authentication using an LDAP server.
Please see the $terms.Bugzilla documentation
for more information. Using this method requires
additional
parameters to be set.
",
rememberlogin => "Controls management of session cookies
-
on - Session cookies never expire (the user has to login only
once per browser).
-
off - Session cookies last until the users session ends (the user
will have to login in each new browser session).
-
defaulton/defaultoff - Default behavior as described
above, but user can choose whether $terms.Bugzilla will remember his
login or not.
",
requirelogin => "If this option is set, all access to the system beyond the " _
"front page will require a login. No anonymous users will " _
"be permitted.",
webservice_email_filter =>
"Filter email addresses returned by the WebService API depending on " _
"if the user is logged in or not. This works similarly to how the " _
"web UI currently filters email addresses. If requirelogin " _
"is enabled, then this parameter has no effect as users must be logged " _
"in to use ${terms.Bugzilla}.",
emailregexp =>
"This defines the regular expression to use for legal email addresses. " _
"The default tries to match fully qualified email addresses. " _
"Use .* to accept any email address following the " _
"RFC 2822 " _
"specification. Another popular value to put here is ^[^@]+$, " _
"which means 'local usernames, no @ allowed.'",
emailregexpdesc => "This description explains valid addresses that " _
"are allowed by the emailregexp param.",
emailsuffix => "This is a string to append to any email addresses when actually " _
"sending mail to that address. It is useful if you have changed " _
"the emailregexp param to only allow local usernames, " _
"but you want the mail to be delivered to username@my.local.hostname.",
createemailregexp => "This defines the (case-insensitive) regexp to use for email addresses that are " _
"permitted to self-register using a 'New Account' feature. The " _
"default (.*) permits any account matching the emailregexp " _
"to be created. If this parameter is left blank, no users " _
"will be permitted to create their own accounts and all accounts " _
"will have to be created by an administrator.",
password_complexity =>
"Set the complexity required for passwords. In all cases must the passwords " _
"be at least ${constants.USER_PASSWORD_MIN_LENGTH} characters long." _
"- no_constraints - No complexity required.
" _
"- mixed_letters - Passwords must contain at least one UPPER and one lower " _
"case letter.
" _
"- letters_numbers - Passwords must contain at least one UPPER and one " _
"lower case letter and a number.
" _
"- letters_numbers_specialchars - Passwords must contain at least one " _
"letter, a number and a special character.
"
}
%]