--- loncom/html/adm/help/tex/Domain_Configuration_LangTZAuth.tex 2008/07/24 19:47:02 1.5
+++ loncom/html/adm/help/tex/Domain_Configuration_LangTZAuth.tex 2017/03/30 02:07:20 1.11
@@ -2,7 +2,7 @@
Prior to LON-CAPA 2.7, default language and authentication type/argument
were defined in the domain's entry in the domain.tab file. Those settings
will continue to be used by servers in your domain until you have
-displayed and saved the Default authentication/language/timezone data
+displayed and saved the Default authentication, language, timezone data
table. Once that has been done, whenever values need to be determined
for these settings in the domain they will be retrieved from the configuration.db
file on the primary library server in your domain, which is where
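Review bot: on the changed line, "the Default authentication, language, timezone data table" now reads as an ordinary comma list in running prose, so the table name is hard to pick out from the sentence. Consider setting the name off the way the same file quotes the {}``Domain Co... screen name (visible in the next hunk header), and confirm the wording matches the label shown on the configuration screen, since the next hunk adds a portal/default URL setting to the same table.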
@@ -10,25 +10,69 @@ information saved from the {}``Domain Co
is stored. Any information in the domain.tab file will no longer be
consulted, except by servers running pre-2.7 versions of LON-CAPA.
-Default domain configurations can be assigned for:
+\textbf{Default domain configurations} can be assigned for:
\begin{itemize}
-\item default language used by users in your domain, unless overridden by
+\item \textit{default language} used by users in your domain, unless overridden by
a user preference
-\item default authentication type for new users in the domain. You will
+\item \textit{default authentication type} for new users in the domain. You will
need to set the default authentication if you intend to allow a user
to create a LON-CAPA account if the user successfully authenticated
via a central service at your institution (e.g., Kerberos), but is
without a LON-CAPA account. The default authentication is also the
default offered when Course Coordinators or Authors create new accounts,
assuming user creation is permitted in these contexts.
-\item default timezone - this will be the timezone used when showing any
+\item \textit{default timezone} - this will be the timezone used when showing any
times in your domain, unless overridden at a course level, by a course-wide
timezone. The timezones available are mostly in the form Continent/City,
although for the USA there are some in the form America/State/City
as well as EST5EDT, CST6CDT, MST7MDT, PST8PDT and HST (for Eastern,
Central, Mountain, Pacific and Hawaii Timezones, which adjust for
daylight savings as appropriate). If no default timezone is set times
-will be displayed according to the timezine of the server hosting
+will be displayed according to the timezone of the server hosting
the user's LON-CAPA session.
+\item \textit{portal/default URL} - starting with LON-CAPA 2.10, a default URL can
+be specified. This URL will be included in e-mail sent to confirm self-enrollment etc.
+and might be for a load-balancer LON-CAPA server, or in the case of a multi-domain server,
+for a specific alias used for the domain.
\end{itemize}
+
+\textbf{Domain settings for internal authentication} can also be set via the same screen.
+
+\begin{itemize}
+\item \textit{Encryption cost for bcrypt} (positive integer). Starting with 2.11.2,
+bcrypt is used to encrypt the password for an internally authenticated user.
+The complexity of the encryption is determined by the bcrypt cost value. A higher
+value means more complexity (and more time to validate a user's password). The
+cost needs to be a positive integer. If no value is set in a domain, a default
+of 10 will be used.
+\item \textit{Check bcrypt cost if authenticated}. When an internally authenticated user
+logins and the credentials are validated, the bcrypt cost used for the original
+encryption can be compared with the current domain default. If the cost for
+the stored encryption is less than the current domain setting, there are two
+options - either allow login and update the stored encryption using the higher cost,
+or disallow login. The default is not to compare the original cost with the
+current domain setting.
+\item \textit{Existing crypt-based switched to bcrypt if authenticated}. When an internally
+authenticated user logs-in and the credentials are validated, if the stored
+credentials are currently encrypted with crypt, there is an option to update
+the stored encryption to use bcrypt, with or without backing-up the existing passwd
+file to a passwd.bak file. The default is not to update the stored passwd file,
+so existing users who have crypt-based stored passwords will continue to do so
+until such time as they change their password.
+\end{itemize}
+
+\textbf{Institutional user types} can also be defined for the domain via the same screen.
+
+Prior to LON-CAPA 2.11, institutional user types were defined in the \&inst\_usertypes
+subroutine in localenroll.pm, which would be customized for consistency with types
+defined in institutional data feeds. Setting of user types via the Domain Configuration
+web GUI supersedes use of localenroll::inst\_usertypes(). Items that can be set are:
+
+\begin{itemize}
+\item \textit{Internal ID} (e.g., faculty)
+\item \textit{Name Displayed} (e.g., Faculty/Academic Staff)
+\item \textit{Order} (Listing order, 1 through N, when the type is to be selected from a list).
+\item \textit{Assignment to ``email-based'' usernames} Whether status type can also be assigned to a non-institutional user with an e-mail address as username
+\end{itemize}
+
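Review bot: in the "Existing crypt-based switched to bcrypt if authenticated" item, the option to back up the existing passwd file to passwd.bak leaves the old crypt-based value on disk after the upgrade, and the text does not say so. Suggest adding a sentence telling the Domain Coordinator that passwd.bak still holds the weaker crypt value and should be removed or protected once the switch is confirmed. In the bcrypt cost item, "used to encrypt the password" and "complexity of the encryption" describe bcrypt as encryption; it is a one-way password hash, so "hash" would be more accurate throughout these three items. The cost description says only "positive integer"; it would help to state the range the code accepts and that each increment of the cost roughly doubles the time to validate a password, so admins can choose a value deliberately. For "Check bcrypt cost if authenticated", the "disallow login" option does not say how an affected user regains access (for example, a password reset), which is worth one sentence. Minor wording: "logins" should be "logs in", "logs-in" should be "logs in", "backing-up" should be "backing up", and the last \item ("Assignment to ``email-based'' usernames") runs the label into its description without punctuation and lacks a final period.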