From: Daira Hopwood Date: Thu, 5 Sep 2013 16:39:08 +0000 (+0100) Subject: Tue Jan 24 20:31:26 GMT 2012 Brian Warner X-Git-Url: https://git.rkrishnan.org/pf/content/en/seg/index.php?a=commitdiff_plain;h=728319cbde90981f0918f4ebeed007afebfdf1e3;p=tahoe-lafs%2Ftahoe-lafs.git Tue Jan 24 20:31:26 GMT 2012 Brian Warner * Added information on accounts.url directive --- diff --git a/docs/frontends/FTP-and-SFTP.rst b/docs/frontends/FTP-and-SFTP.rst index d0adefa0..ed52e745 100644 --- a/docs/frontends/FTP-and-SFTP.rst +++ b/docs/frontends/FTP-and-SFTP.rst @@ -73,6 +73,19 @@ these strings. Now add an 'accounts.file' directive to your tahoe.cfg file, as described in the next sections. +accounts.url Directive +====================== + +The accounts.url directive should point to a secure, preferably +localhost-only service. This makes it harder for attackers to brute force +the password or use DNS poisoning to cause the Tahoe-LAFS gateway to talk +with the wrong server, thereby revealing the username and passwords. + +Tahoe-LAFS will send the credentials, email address and password to the +URI specified in the accounts.url directive. If the credentials are correct, +the server will return a rootcap string. Otherwise, it returns the string +"0" which means bad username and/or password. + Configuring FTP Access ======================