Clarify documentation for `only_for_reauth` (#16737)
parent fcf3c493c2
commit aa983c7b0f
|
@ -0,0 +1 @@
|
||||||
|
Clarify that `password_config.enabled: "only_for_reauth"` does not allow new logins to be created using password auth.
|
|
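Review bot: "does not allow new logins to be created" in this changelog entry is ambiguous, because it can be read as "no new accounts" rather than "existing users cannot start a new session with their password". The documentation hunk further down uses "to reauthenticate (not log in)"; suggest matching that wording here, for example "can only be used to reauthenticate, not to log in", so the changelog and the docs describe the same behaviour.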
@ -495,10 +495,10 @@ Unix socket support (_Added in Synapse 1.89.0_):
|
||||||
* **Note**: The use of both `path` and `port` options for the same `listener` is not
|
* **Note**: The use of both `path` and `port` options for the same `listener` is not
|
||||||
compatible.
|
compatible.
|
||||||
* The `x_forwarded` option defaults to true when using Unix sockets and can be omitted.
|
* The `x_forwarded` option defaults to true when using Unix sockets and can be omitted.
|
||||||
* Other options that would not make sense to use with a UNIX socket, such as
|
* Other options that would not make sense to use with a UNIX socket, such as
|
||||||
`bind_addresses` and `tls` will be ignored and can be removed.
|
`bind_addresses` and `tls` will be ignored and can be removed.
|
||||||
* `mode`: The file permissions to set on the UNIX socket. Defaults to `666`
|
* `mode`: The file permissions to set on the UNIX socket. Defaults to `666`
|
||||||
* **Note:** Must be set as `type: http` (does not support `metrics` and `manhole`).
|
* **Note:** Must be set as `type: http` (does not support `metrics` and `manhole`).
|
||||||
Also make sure that `metrics` is not included in `resources` -> `names`
|
Also make sure that `metrics` is not included in `resources` -> `names`
|
||||||
|
|
||||||
|
|
||||||
|
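Review bot: the removed and added sides of this hunk read identically as rendered, so the change here is presumably whitespace-only and has nothing to do with `only_for_reauth`. Suggest moving these whitespace fixes to their own commit, or at least mentioning them in the commit message, so that the one behavioural clarification in this patch is not buried among no-op hunks when someone later reads the history of the listener documentation.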
@ -2932,7 +2932,7 @@ access tokens via a query parameter.
|
||||||
|
|
||||||
Example configuration:
|
Example configuration:
|
||||||
```yaml
|
```yaml
|
||||||
use_appservice_legacy_authorization: true
|
use_appservice_legacy_authorization: true
|
||||||
```
|
```
|
||||||
|
|
||||||
---
|
---
|
||||||
|
@ -3613,7 +3613,7 @@ This setting has the following sub-options:
|
||||||
* `enabled`: Defaults to true.
|
* `enabled`: Defaults to true.
|
||||||
Set to false to disable password authentication.
|
Set to false to disable password authentication.
|
||||||
Set to `only_for_reauth` to allow users with existing passwords to use them
|
Set to `only_for_reauth` to allow users with existing passwords to use them
|
||||||
to log in and reauthenticate, whilst preventing new users from setting passwords.
|
to reauthenticate (not log in), whilst preventing new users from setting passwords.
|
||||||
* `localdb_enabled`: Set to false to disable authentication against the local password
|
* `localdb_enabled`: Set to false to disable authentication against the local password
|
||||||
database. This is ignored if `enabled` is false, and is only useful
|
database. This is ignored if `enabled` is false, and is only useful
|
||||||
if you have other `password_providers`. Defaults to true.
|
if you have other `password_providers`. Defaults to true.
|
||||||
|
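Review bot: the security-relevant statement in the new line, that passwords cannot be used to log in under `only_for_reauth`, is carried only by the parenthetical "(not log in)", and "reauthenticate" is left undefined. An administrator skimming this option could still come away with the old reading. Suggest a separate sentence stating that password login requests are rejected in this mode and that existing passwords are accepted only when an already logged-in user is asked to confirm their identity, and consider noting how this interacts with `localdb_enabled` in the next bullet, which currently says only that it is ignored if `enabled` is false.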
@ -3865,7 +3865,7 @@ This setting is an optional list of 0 or more rules. By default, no list is
|
||||||
provided, meaning that all alias creations are permitted.
|
provided, meaning that all alias creations are permitted.
|
||||||
|
|
||||||
Otherwise, requests to create aliases are matched against each rule in order.
|
Otherwise, requests to create aliases are matched against each rule in order.
|
||||||
The first rule that matches decides if the request is allowed or denied. If no
|
The first rule that matches decides if the request is allowed or denied. If no
|
||||||
rule matches, the request is denied. In particular, this means that configuring
|
rule matches, the request is denied. In particular, this means that configuring
|
||||||
an empty list of rules will deny every alias creation request.
|
an empty list of rules will deny every alias creation request.
|
||||||
|
|
||||||
|
@ -3877,7 +3877,7 @@ Each rule is a YAML object containing four fields, each of which is an optional
|
||||||
* `action`: either `allow` or `deny`. What to do with the request if the rule matches. Defaults to `allow`.
|
* `action`: either `allow` or `deny`. What to do with the request if the rule matches. Defaults to `allow`.
|
||||||
|
|
||||||
Each of the glob patterns is optional, defaulting to `*` ("match anything").
|
Each of the glob patterns is optional, defaulting to `*` ("match anything").
|
||||||
Note that the patterns match against fully qualified IDs, e.g. against
|
Note that the patterns match against fully qualified IDs, e.g. against
|
||||||
`@alice:example.com`, `#room:example.com` and `!abcdefghijk:example.com` instead
|
`@alice:example.com`, `#room:example.com` and `!abcdefghijk:example.com` instead
|
||||||
of `alice`, `room` and `abcedgghijk`.
|
of `alice`, `room` and `abcedgghijk`.
|
||||||
|
|
||||||
|
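Review bot: since this hunk already touches the paragraph, the last example on the line "of `alice`, `room` and `abcedgghijk`." does not match the ID it is derived from, `!abcdefghijk:example.com`. Suggest correcting it to `abcdefghijk` so the contrast between the fully qualified ID and the bare localpart is exact. Readers copy these strings into glob patterns, and a mismatched example makes it harder to see what the rule is actually matched against.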
@ -3914,7 +3914,7 @@ alias_creation_rules:
|
||||||
alias_creation_rules:
|
alias_creation_rules:
|
||||||
- user_id: "@bad_user:example.com"
|
- user_id: "@bad_user:example.com"
|
||||||
action: deny
|
action: deny
|
||||||
|
|
||||||
- action: allow
|
- action: allow
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -3992,7 +3992,7 @@ room_list_publication_rules:
|
||||||
room_list_publication_rules:
|
room_list_publication_rules:
|
||||||
- user_id: "@bad_user:example.com"
|
- user_id: "@bad_user:example.com"
|
||||||
action: deny
|
action: deny
|
||||||
|
|
||||||
- action: allow
|
- action: allow
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -4408,7 +4408,7 @@ must be declared, in the same way as the [`listeners` option](#listeners)
|
||||||
in the shared config.
|
in the shared config.
|
||||||
|
|
||||||
Workers declared in [`stream_writers`](#stream_writers) and [`instance_map`](#instance_map)
|
Workers declared in [`stream_writers`](#stream_writers) and [`instance_map`](#instance_map)
|
||||||
will need to include a `replication` listener here, in order to accept internal HTTP
|
will need to include a `replication` listener here, in order to accept internal HTTP
|
||||||
requests from other workers.
|
requests from other workers.
|
||||||
|
|
||||||
Example configuration:
|
Example configuration:
|
||||||
|
|