2019-12-30 12:18:50 +00:00
2 changed files with 22 additions and 12 deletions
--- a/README.md
+++ b/README.md
@ -25,8 +25,5 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
        rule = "Host:<fqdn>"
  ```

- #### Important!  
-  The domainname of the website made in step 3, needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing this authentication proxy.
-
 ## Questions or bugs
 Feel free to open issues in this repository.
--- a/lucidAuth.config.php.example
+++ b/lucidAuth.config.php.example
@ -18,6 +18,16 @@ return (object) array(
 		// Specify the NetBios name of the domain; to allow users to log on with just their usernames.
 	],

+    '2FA'   => [
+        'Protocol'  => 'TOTP',      // Possible options are HOTP (sequential codes) and TOTP (timebased codes)
+        'TOTP'  => [
+            'Secret'    => 'NULL',  // By default, a 512 bits secret is generated. If you need, you can provide your own secret here.
+            'Age'       => '30',    // The duration that each OTP code is valid for.
+            'Length'    => '6',     // Number of digits the OTP code will consist of.
+            'Algorithm' => 'SHA256' // The hashing algorithm used.
+        ],
+    ],
+
 	'Sqlite'	=> [
 		'Path'	=> '../data/lucidAuth.sqlite.db'
 		// Relative path to the location where the database should be stored
@ -37,6 +47,9 @@ return (object) array(
 		'CrossDomainLogin'	=> False,
 		// Set this to True if SingleSignOn (albeit rudementary) is desired
 		//   (cookies are inheritently unaware of each other; clearing cookies for one domain does not affect other domains)
+        // Important!
+        // If you leave this set to False, the domainname where lucidAuth will be running on,
+        // needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing the authentication proxy.
 		'CookieDomains'	=> [
 			'domain1.tld' #, 'domain2.tld', 'subdomain.domain3.tld'
 		]