diff options
author | sunnavy <sunnavy@bestpractical.com> | 2020-12-22 17:45:33 +0300 |
---|---|---|
committer | sunnavy <sunnavy@bestpractical.com> | 2020-12-22 17:45:33 +0300 |
commit | f8d534239b34b2507eb9199370a2ad8a656c9288 (patch) | |
tree | cefd363ceb34919fe654089bf1f2217ecd9283b5 /docs | |
parent | 3890bf0db140962878e93de04f38f636b86576fc (diff) | |
parent | b148f34f9e3ccc32dba18181ee031497aecd3804 (diff) |
Merge branch '5.0/disable-password-for-auth-token-config' into 5.0-trunk
Diffstat (limited to 'docs')
-rw-r--r-- | docs/authentication.pod | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/docs/authentication.pod b/docs/authentication.pod index eba5b36be1..ccf2b1263c 100644 --- a/docs/authentication.pod +++ b/docs/authentication.pod @@ -31,7 +31,11 @@ your RT Apache configuration to allow RT to access the Authorization header. SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 -You can find more information about tokens in L<RT::Authen::Token>. +Since tokens grant access on behalf of a user, RT prompts for a password +when a user is creating a token. However, if you have a mix of RT and +federated authentication, RT can't authenticate users via the federated +password system. For this case, you can explicitly disable the password +check with the C<$DisablePasswordForAuthToken> configuration option. =head1 External Authentication |