diff --git a/doc/mod_auth_tkt.pod b/doc/mod_auth_tkt.pod index dd7d85c..edf0590 100644 --- a/doc/mod_auth_tkt.pod +++ b/doc/mod_auth_tkt.pod @@ -227,7 +227,9 @@ the ticket hashing, so you should always set a TKTAuthTimeout in addition to using an expiry. Cookie expiries are refreshed with tickets if TKTAuthTimeoutRefresh is set. -Default: none. Examples: +Default: none (not used). + +e.g. TKTAuthCookieExpires 86400 TKTAuthCookieExpires 1w @@ -245,6 +247,11 @@ http://www.example.com/index.html and TKTAuthBackArgName is set to to the TKTAuthLoginURL it redirects to, allowing your login script to redirect back to the requested page upon successful login. + +To omit altogether, set to the string B i.e. + + TKTAuthBackArgName None + Default: 'back'. =item TKTAuthBackCookieName @@ -252,7 +259,9 @@ Default: 'back'. The cookie name to use for the back cookie. If this is set, mod_auth_tkt will set a back cookie containing a URI-escaped version of current requested page when redirecting (see TKTAuthBackArgName -above). Default: none. +above), instead of using a GET parameter. + +Default: none (not used). =item TKTAuthToken @@ -267,7 +276,9 @@ Note that this directive can be repeated, and the semantics are that B of the required tokens is sufficient for access i.e. the tokens are ORed. -Default: none. e.g. +Default: none (not used). + +e.g. TKTAuthToken finance TKTAuthToken admin @@ -281,8 +292,12 @@ this as well, setting the client IP address to 0.0.0.0). This is often required out on the open internet, especially if you are using an HTTPS login page (as you should) and are dealing with more than a handful of users (the typical problem being -transparent HTTP proxies at ISPs). Default: 'off' i.e. ticket -is only valid from the originating IP address. e.g. +transparent HTTP proxies at ISPs). + +Default: 'off' i.e. ticket is only valid from the originating +IP address. + +e.g. TKTAuthIgnoreIP on