This module contains the main Zotonic authentication mechanism. It contains the logon and logoff controllers, and implements the various hooks as described in the Access control manual.
- The minimumum length of passwords. Defaults to 8, set this to an integer value.
- Set this to
1to check the remember me checkbox per default
- Normally a two-step logon is used, first the username is requested, then the
password is requested. In between the server checks the username and is able
to show alternative authentication methods based on the username.
Set this to
1to show the username and password field at once, and disable the display of alternative authentication methods.
- Set to
1to force user confirmation of new accounts. This is useful when using 3rd party authentication services. If a new identity is found then a new account is automatically added. With this option set the user will be asked if they want to make a new account. This prevents duplicate accounts when using multiple authentication methods.
- The maximum age of the emailed reset token in seconds. Defaults to 48 hours (172800 seconds). This must be an integer value.
- On the password reset form, an user can enter their email address for receiving
an email to reset their password. If an user enters an email address that is not
connected to an active account then we do not send an email.
If this option is set to
1then an email is sent. This prevents the user waiting for an email, but enables sending emails to arbitrary addresses.
- The secret used to sign authentication cookies. This secret is automatically generated. Changing this secret will invalidate all authentication cookies.
- The secret to sign authentication cookies for the anonymous user. This secret is automatically generated. Changing this secret will invalidate all authentication cookies for anonymous users.
- The secret to sign authentication cookies for the identified users if there is no database to store individual secrets.
- The secret to sign remember me cookies. This secret is automatically generated. Changing this secret will invalidate all remember me cookies for all users.
- Set to
1to force an user picking a different password if they reset their password.
- If the admin password is set to
adminthen logon is only allowed from local IP addresses. This configuration overrules the
ip_allowlistglobal configuration and enables other IP addresses to login as
adminif the password is set to