From 53bfbb61333af35cde29bb786817856925dcedf0 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 2 Nov 2015 13:08:13 +0100 Subject: ssh: Document pwdfun --- lib/ssh/doc/src/ssh.xml | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) (limited to 'lib/ssh/doc') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 2b190c98b6..31a5e71401 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -471,12 +471,43 @@ kex is implicit but public_key is set explicitly.

- boolean()}]]> + boolean()}]]> + +

Provides a function for password validation. This could used for calling an external system or if + passwords should be stored as a hash. The fun returns: + + true if the user and password is valid and + false otherwise. + +

+

This fun can also be used to make delays in authentication tries for example by calling + timer:sleep/1. To facilitate counting of failed tries + the State variable could be used. This state is per connection only. The first time the pwdfun + is called for a connection, the State variable has the value undefined. + The pwdfun can return - in addition to the values above - a new state + as: + + {true, NewState:any()} if the user and password is valid or + {false, NewState:any()} if the user or password is invalid + +

+

A third usage is to block login attempts from a missbehaving peer. The State described above + can be used for this. In addition to the responses above, the following return value is introduced: + + disconnect if the connection should be closed immediately after sending a SSH_MSG_DISCONNECT + message. + +

+ + + boolean()}]]>

Provides a function for password validation. This function is called with user and password as strings, and returns if the password is valid and otherwise.

+

This option ({pwdfun,fun/2}) is the same as a subset of the previous + ({pwdfun,fun/4}). It is kept for compatibility.

 -- cgit v1.2.3