--- loncom/html/adm/help/tex/Domain_Configuration_LangTZAuth.tex 2008/07/23 02:41:55 1.1
+++ loncom/html/adm/help/tex/Domain_Configuration_LangTZAuth.tex 2017/03/30 02:07:20 1.11
@@ -1,36 +1,78 @@
\label{Domain_Configuration_LangTZAuth}
-The login page can be customized for your domain, by:
+Prior to LON-CAPA 2.7, default language and authentication type/argument
+were defined in the domain's entry in the domain.tab file. Those settings
+will continue to be used by servers in your domain until you have
+displayed and saved the Default authentication, language, timezone data
+table. Once that has been done, whenever values need to be determined
+for these settings in the domain they will be retrieved from the configuration.db
+file on the primary library server in your domain, which is where
+information saved from the {}``Domain Configuration'' data tables
+is stored. Any information in the domain.tab file will no longer be
+consulted, except by servers running pre-2.7 versions of LON-CAPA.
+
+\textbf{Default domain configurations} can be assigned for:
\begin{itemize}
-\item uploading custom image files,
-\item changing colors of text, links or backgrounds
-\item enabling/disabling display of sepcific links
+\item \textit{default language} used by users in your domain, unless overridden by
+a user preference
+\item \textit{default authentication type} for new users in the domain. You will
+need to set the default authentication if you intend to allow a user
+to create a LON-CAPA account if the user successfully authenticated
+via a central service at your institution (e.g., Kerberos), but is
+without a LON-CAPA account. The default authentication is also the
+default offered when Course Coordinators or Authors create new accounts,
+assuming user creation is permitted in these contexts.
+\item \textit{default timezone} - this will be the timezone used when showing any
+times in your domain, unless overridden at a course level, by a course-wide
+timezone. The timezones available are mostly in the form Continent/City,
+although for the USA there are some in the form America/State/City
+as well as EST5EDT, CST6CDT, MST7MDT, PST8PDT and HST (for Eastern,
+Central, Mountain, Pacific and Hawaii Timezones, which adjust for
+daylight savings as appropriate). If no default timezone is set times
+will be displayed according to the timezone of the server hosting
+the user's LON-CAPA session.
+\item \textit{portal/default URL} - starting with LON-CAPA 2.10, a default URL can
+be specified. This URL will be included in e-mail sent to confirm self-enrollment etc.
+and might be for a load-balancer LON-CAPA server, or in the case of a multi-domain server,
+for a specific alias used for the domain.
\end{itemize}
-Logos displayed in the login page configuration table are scaled down
-from the full size used in the login-page itself.
+\textbf{Domain settings for internal authentication} can also be set via the same screen.
+\begin{itemize}
+\item \textit{Encryption cost for bcrypt} (positive integer). Starting with 2.11.2,
+bcrypt is used to encrypt the password for an internally authenticated user.
+The complexity of the encryption is determined by the bcrypt cost value. A higher
+value means more complexity (and more time to validate a user's password). The
+cost needs to be a positive integer. If no value is set in a domain, a default
+of 10 will be used.
+\item \textit{Check bcrypt cost if authenticated}. When an internally authenticated user
+logins and the credentials are validated, the bcrypt cost used for the original
+encryption can be compared with the current domain default. If the cost for
+the stored encryption is less than the current domain setting, there are two
+options - either allow login and update the stored encryption using the higher cost,
+or disallow login. The default is not to compare the original cost with the
+current domain setting.
+\item \textit{Existing crypt-based switched to bcrypt if authenticated}. When an internally
+authenticated user logs-in and the credentials are validated, if the stored
+credentials are currently encrypted with crypt, there is an option to update
+the stored encryption to use bcrypt, with or without backing-up the existing passwd
+file to a passwd.bak file. The default is not to update the stored passwd file,
+so existing users who have crypt-based stored passwords will continue to do so
+until such time as they change their password.
+\end{itemize}
-\hfill{}
+\textbf{Institutional user types} can also be defined for the domain via the same screen.
-\noindent The following elements are configurable:
+Prior to LON-CAPA 2.11, institutional user types were defined in the \&inst\_usertypes
+subroutine in localenroll.pm, which would be customized for consistency with types
+defined in institutional data feeds. Setting of user types via the Domain Configuration
+web GUI supersedes use of localenroll::inst\_usertypes(). Items that can be set are:
\begin{itemize}
-\item Header image at the top of the page
-\item Main Logo centred in the upper part of the main panel
-\item Domain logo in the lower left corner of the main panel
-\item Header above the login panel - can also be set to use text (\char`\"{}Log
-in\char`\"{}) instead of an image.
-\item Backgrond colors for the page itself, the main panel, and the left
-(side) panel.
-\item Text color used for text on the page
-\item Enable/disable display of three links:
-
-\begin{itemize}
-\item Course Catalog, for a catalog of courses;
-\item Admin E-mail, for the e-mail address of the administrator;
-\item New User, for users to create their own accounts.
-\end{itemize}
-\item Default colors for links in the page, depending on status: either
-active, visited or default (if neither apply).
+\item \textit{Internal ID} (e.g., faculty)
+\item \textit{Name Displayed} (e.g., Faculty/Academic Staff)
+\item \textit{Order} (Listing order, 1 through N, when the type is to be selected from a list).
+\item \textit{Assignment to ``email-based'' usernames} Whether status type can also be assigned to a non-institutional user with an e-mail address as username
\end{itemize}
+