[%# The contents of this file are subject to the Mozilla Public # License Version 1.1 (the "License"); you may not use this file # except in compliance with the License. You may obtain a copy of # the License at http://www.mozilla.org/MPL/ # # Software distributed under the License is distributed on an "AS # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or # implied. See the License for the specific language governing # rights and limitations under the License. # # The Original Code is the Bugzilla Bug Tracking System. # # The Initial Developer of the Original Code is Netscape Communications # Corporation. Portions created by Netscape are # Copyright (C) 1998 Netscape Communications Corporation. All # Rights Reserved. # # Contributor(s): Dave Miller # Frédéric Buclin # Marc Schumann #%] [% title = "User Authentication" desc = "Set up your authentication policies" %] [% param_descs = { auth_env_id => "Environment variable used by external authentication system " _ "to store a unique identifier for each user. Leave it blank " _ "if there isn't one or if this method of authentication " _ "is not being used.", auth_env_email => "Environment variable used by external authentication system " _ "to store each user's email address. This is a required " _ "field for environmental authentication. Leave it blank " _ "if you are not going to use this feature.", auth_env_realname => "Environment variable used by external authentication system " _ "to store the user's real name. Leave it blank if there " _ "isn't one or if this method of authentication is not being " _ "used.", user_info_class => "Mechanism(s) to be used for gathering a user's login information. More than one may be selected. If the first one returns nothing, the second is tried, and so on.
The types are:
CGI
Asks for username and password via CGI form interface.
Env
Info for a pre-authenticated user is passed in system environment variables.
", user_verify_class => "Mechanism(s) to be used for verifying (authenticating) information gathered by user_info_class. More than one may be selected. If the first one cannot find the user, the second is tried, and so on.
The types are:
DB
${terms.Bugzilla}'s built-in authentication. This is the most common choice.
RADIUS
RADIUS authentication using a RADIUS server. Please see the $terms.Bugzilla documentation for more information. Using this method requires additional parameters to be set.
LDAP
LDAP authentication using an LDAP server. Please see the $terms.Bugzilla documentation for more information. Using this method requires additional parameters to be set.
", rememberlogin => "Controls management of session cookies
  • on - Session cookies never expire (the user has to login only once per browser).
  • off - Session cookies last until the users session ends (the user will have to login in each new browser session).
  • defaulton/defaultoff - Default behavior as described above, but user can choose whether $terms.Bugzilla will remember his login or not.
", requirelogin => "If this option is set, all access to the system beyond the " _ "front page will require a login. No anonymous users will " _ "be permitted.", webservice_email_filter => "Filter email addresses returned by the WebService API depending on " _ "if the user is logged in or not. This works similarly to how the " _ "web UI currently filters email addresses. If requirelogin " _ "is enabled, then this parameter has no effect as users must be logged " _ "in to use Bugzilla.", emailregexp => "This defines the regexp to use for legal email addresses. The " _ "default tries to match fully qualified email addresses. Another " _ "popular value to put here is ^[^@]+$, which means " _ "'local usernames, no @ allowed.'", emailregexpdesc => "This describes in English words what kinds of legal addresses " _ "are allowed by the emailregexp param.", emailsuffix => "This is a string to append to any email addresses when actually " _ "sending mail to that address. It is useful if you have changed " _ "the emailregexp param to only allow local usernames, " _ "but you want the mail to be delivered to username@my.local.hostname.", createemailregexp => "This defines the (case-insensitive) regexp to use for email addresses that are " _ "permitted to self-register using a 'New Account' feature. The " _ "default (.*) permits any account matching the emailregexp " _ "to be created. If this parameter is left blank, no users " _ "will be permitted to create their own accounts and all accounts " _ "will have to be created by an administrator.", password_complexity => "Set the complexity required for passwords. In all cases must the passwords " _ "be at least ${constants.USER_PASSWORD_MIN_LENGTH} characters long." _ "
  • no_constraints - No complexity required.
  • " _ "
  • bmo - Passwords must meet at least three of the following conditions: " _ "
      " _ "
    • uppercase letters
    • " _ "
    • lowercase letters
    • " _ "
    • numbers
    • " _ "
    • symbols
    • " _ "
    • longer than 12 characters
    • " _ "
  • " _ "
", password_check_on_login => "If set, $terms.Bugzilla will check that the password meets the current " _ "complexity rules and minimum length requirements when the user logs " _ "into the $terms.Bugzilla web interface. If it doesn't, the user would " _ "not be able to log in, and recieve a message to reset their password.", auth_delegation => "If set, $terms.Bugzilla will allow third party applications " _ "to request API keys for users.", duo_host => "The 'API hostname' for Duo 2FA. This value is provided by your " _ "Duo Security administrator. Set this to a blank value to disable" _ "Duo 2FA.", duo_akey => "The 'integration secret key' for Duo 2FA. This is automatically " _ "generated by checksetup.pl.", duo_ikey => "The 'integration key' for Duo 2FA. This value is provided by your " _ "Duo Security administrator.", duo_skey => "The 'secret key' for Duo 2FA. This value is provided by your " _ "Duo Security administrator.", }, %]