mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
08e674b62f
Updated all links to use https://www.authelia.com/docs/. Removed all comment sections from documented configuration on the documentation site and replaced them with their own sections. Made all documentation inside config.template.yml double hashes, and made all commented configuration sections single quoted. Added .yamllint.yaml to express our desired YAML styles. Added a style guide. Refactored many documentation areas to be 120 char widths where possible. It's by no means exhaustive but is a large start. Added a statelessness guide for the pending Kubernetes chart introduction. Added labels to configuration documentation and made many areas uniform.
83 lines
2.4 KiB
Markdown
---
layout: default
title: Time-based One-Time Password
parent: Configuration
nav_order: 4
---

# Time-based One-Time Password

Authelia uses time-based one-time passwords (TOTP) as the OTP method. You have
the option to tune the settings of the TOTP generation. A full example of the TOTP
configuration is shown below, followed by sections describing each option.

## Configuration
```yaml
totp:
  issuer: authelia.com
  period: 30
  skew: 1
```

## Options

### issuer
<div markdown="1">
type: string
{: .label .label-config .label-purple }
default: Authelia
{: .label .label-config .label-blue }
required: no
{: .label .label-config .label-green }
</div>

Applications generating one-time passwords usually display an issuer to
differentiate applications registered by the user.

Authelia allows customisation of the issuer to differentiate the entry created
by Authelia from others.

## Period and Skew

The period and skew configuration parameters affect each other. The default values are
a period of 30 and a skew of 1. It is highly recommended you do not change these unless
you wish to set skew to 0.

The way you configure these affects security by changing the length of time a one-time
password is valid for. The formula to calculate the effective validity period is
`period + (period * skew * 2)`. For example, period 30 and skew 1 would result in 90
seconds of validity, and period 30 and skew 2 would result in 150 seconds of validity.

### period
<div markdown="1">
type: integer
{: .label .label-config .label-purple }
default: 30
{: .label .label-config .label-blue }
required: no
{: .label .label-config .label-green }
</div>

Configures the period of time in seconds a one-time password is current for. It is important
to note that changing this value will require your users to register their application again.

It is recommended to keep this value set to 30. The minimum is 1.

### skew
<div markdown="1">
type: integer
{: .label .label-config .label-purple }
default: 1
{: .label .label-config .label-blue }
required: no
{: .label .label-config .label-green }
</div>

Configures the number of one-time passwords either side of the current one that are
considered valid. Each time you increase this value, two more one-time passwords become valid.
For example, the default of 1 results in a total of 3 valid one-time passwords, and a value
of 2 results in 5.

It is recommended to keep this value set to 0 or 1. The minimum is 0.
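
The window described under Period and Skew and under skew, shown as an added example that is not part of Authelia's code or documentation: a small RFC 6238 style verifier in Go that measures for how many seconds of verifier clock time a single one-time password is accepted. HMAC-SHA1 with six digits, the function names, and the secret (the RFC 4226 test key) are assumptions made for this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
)

// Constructed sample secret: the RFC 4226 test key, not a real credential.
var secret = []byte("12345678901234567890")

// code returns the six-digit HMAC-SHA1 one-time password for one time step.
func code(key []byte, step int64) uint32 {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], uint64(step))
	mac := hmac.New(sha1.New, key)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset (RFC 4226)
	return (binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff) % 1000000
}

// accepts reports whether otp matches any step within skew of the verifier's clock.
func accepts(key []byte, otp uint32, now, period, skew int64) bool {
	for step := now/period - skew; step <= now/period+skew; step++ {
		if step >= 0 && code(key, step) == otp {
			return true
		}
	}
	return false
}

// acceptedSeconds counts seconds in [0, 240) at which the code issued at t=120 is accepted.
func acceptedSeconds(period, skew int64) (n int64) {
	otp := code(secret, 120/period)
	for now := int64(0); now < 240; now++ {
		if accepts(secret, otp, now, period, skew) {
			n++
		}
	}
	return n
}

func main() {
	for _, skew := range []int64{0, 1, 2} {
		fmt.Printf("skew=%d formula=%d measured=%d\n", skew, 30+30*skew*2, acceptedSeconds(30, skew))
	}
}
```

With a period of 30, the measured acceptance window matches `period + (period * skew * 2)` for each skew value, which is why a skew of 0 gives the tightest window.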