Location: PHPKode > projects > Simple Way to Usenet > swun/config/realm.opt.php
/**This script define tne configuration needed by realm authentification 
 * The authority Realm, is the things used by the objects to refer to a complete authority system.
 * A realm is composed by one or multiple challenges, accounts backend, and an ACL backend defined by a CNF.

/* tell which filters can be used to define object access rights on a realm.
 a => client must be logged as $ruid
 b => client must be member of group $rgid
 c => client must be admin 	of group $rgid
 d => match everybody
 e => client's request must come from the specified MAC addr
 f => client's request must come from the specified IP addr
 g => client's request must come from the specified netmask
 h => client's request must come from the specified hostname
$o['realm'][$i]['cookname']			= ini_get('session.name');	//What's the cookies that keep the client tickets, and auto_login ?, can be share with CORE sessions and other realm
$o['realm'][$i]['cooklifetime']		= 60*60*24*30;				//Lifetime of cookies
$o['realm'][$i]['auto_login']		= FALSE;					//Do we allow cookies autologin ?
$o['realm'][$i]['lifetime']			= 60*60*24;					//How many time an challenged ticket is kept ?
$o['realm'][$i]['timeout']			= 60*60*1;					//How many time of inactivity an granted ticket is kept ?
$o['realm'][$i]['chal_timeout']		= 45;						//How many time a unchallenged ticket is kept?
$o['realm'][$i]['maxticketbyhost']	= 8;						//How many ticket can cumulate an host. (max-logtry-hard)
$o['realm'][$i]['maxchalticket']	= 5;						//How many challenged ticket can cumulate an host (max-logtry-soft)
$o['realm'][$i]['maxgranticket']	= 5;						//How many granted ticket can cumulate an host (max-multilogin)
$o['realm'][$i]['maxticketbyuser']	= 1;						//How many ticket can use the same account.
$o['realm'][$i]['chals'] 			= Array('oVPN', 'html');	//multiple challenge is supported
$o['realm'][$i]['accs'] 			= Array('ovpn');			//multiple accounts backend is supported
$o['realm'][$i]['acl_engine']		= 'conf';					//backend used to access acl storage
$o['realm'][$i]['acl_opt']			= 'swunacl';				//opt needed by acl backend
$o['realm'][$i]['acl_checks']		= Array('a', 'b', 'c', 'd');//acl rules used by this realm
$o['realm'][$i]['ticket_engine']	= 'db';						//only db for now, maybe some other later
$o['realm'][$i]['ticket_opt']		= 'auth_ticket';			//for db, the cnf

$o['chal']['oVPN']['type']	=	'ovpn';
$o['chal']['oVPN']['arp']	=	'/proc/net/arp';
$o['chal']['oVPN']['status']=	'/etc/openvpn/ext-status.txt';
$o['chal']['oVPN']['device']=	'tap0';

//The auth Challenge, tell us how to ask for user/password, can be used by multiple realm
$o['chal']['html']['type']		=	'html'; //html,digest
$o['chal']['html']['imgkey']	=	3;		//do we anti-bot key?, bool allways/never, int after x failure
$o['chal']['html']['digest']	=	TRUE;	//do we generate a digest hash of the client's auth info before post ? need a specific pass hashsheme on account-BE
$o['chal']['html']['pageid']	=	5;

return $o;
Return current item: Simple Way to Usenet