diff options
| author | Antoine A <> | 2024-02-15 15:06:50 +0100 |
|---|---|---|
| committer | Antoine A <> | 2024-02-15 15:06:50 +0100 |
| commit | bcb0468f55def20361cdca493eef54fc9004f4f9 (patch) | |
| tree | 1b8902d0f59efc9cf26e12099269a477c2018e3b | |
| parent | 289bbd7a3be772e64ccc1fcc141f255c543c9e9e (diff) | |
| download | docs-bcb0468f55def20361cdca493eef54fc9004f4f9.tar.gz docs-bcb0468f55def20361cdca493eef54fc9004f4f9.tar.bz2 docs-bcb0468f55def20361cdca493eef54fc9004f4f9.zip | |
Improve regional currency manual
| -rw-r--r-- | libeufin/bank-manual.rst | 34 | ||||
| -rw-r--r-- | libeufin/nexus-manual.rst | 3 | ||||
| -rw-r--r-- | libeufin/regional-manual.rst | 9 |
3 files changed, 28 insertions, 18 deletions
diff --git a/libeufin/bank-manual.rst b/libeufin/bank-manual.rst index 25b793ea..4dd74210 100644 --- a/libeufin/bank-manual.rst +++ b/libeufin/bank-manual.rst @@ -104,16 +104,25 @@ The following snippet shows the mandatory configuration values: Configuring multi-factor authentication --------------------------------------- -libeufin-bank uses helper scripts to send challenge codes to addresses for -multi-factor authentication. By default, those helper scripts are -``libeufin-tan-email.sh`` to send e-mails and ``libeufin-tan-sms.sh`` to send -SMS. It is possible to replace these scripts with use custom scripts to send -the e-mail or SMS TAN. +libeufin-bank supports two factor authentification. libeufin-bank uses helper scripts to send challenge codes to addresses for multi-factor authentication. By default, those helper scripts are ``libeufin-tan-email.sh`` to send e-mails and ``libeufin-tan-sms.sh`` to send SMS. To enable two factor authentication you need to configure at least one TAN channel: -Such alternative scripts must accept the phone number / e-mail address as the -``$1`` parameter and the message content to be transmitted in their standard -input. They should return 0 to indicate successful transmission of the -challenge, and non-zero on failure. +.. code-block:: ini + + [libeufin-bank] + TAN_SMS = libeufin-tan-sms.sh + # And/Or + TAN_EMAIL = libeufin-tan-email.sh + +.. note:: + + The default ``libeufin-tan-sms.sh`` script is based on the `Telesign <https://www.telesign.com>`_ provider. It requires an additional ``telesign-secrets`` script in the PATH that sets the ``CUSTOMER_ID`` and the ``API_KEY`` for the Telesign API. + +.. note:: + + The default ``libeufin-tan-email.sh`` script is based on the ``mail`` linux command. It requires a working local mail transfer agent. + +It is possible to replace these scripts with use custom scripts to send +the e-mail or SMS TAN. Such alternative scripts must accept the phone number / e-mail address as the ``$1`` parameter and the message content to be transmitted in their standard input. They should return 0 to indicate successful transmission of the challenge, and non-zero on failure. To change the scripts used for multi-factor authentication, change the following options in the configuration file: @@ -124,13 +133,6 @@ options in the configuration file: TAN_SMS = custom-tan-sms.sh TAN_EMAIL = custom-tan-email.sh -.. note:: - - The default ``libeufin-tan-sms.sh`` script is based on the `Telesign - <https://www.telesign.com>`_ provider. It requires an additional local - resource file or environment variables with your Telesign credentials to - exist. - Launching libeufin-bank ======================= diff --git a/libeufin/nexus-manual.rst b/libeufin/nexus-manual.rst index 022d90a8..7ac59467 100644 --- a/libeufin/nexus-manual.rst +++ b/libeufin/nexus-manual.rst @@ -125,6 +125,9 @@ The following snippet shows the mandatory configuration values: Refer to the manpage ``libeufin-nexus.conf(5)`` for the full array of configuration values. +.. warning:: + This combination of HOST_ID, USER_ID and PARTNER_ID must never be used by another instance of libeufin-nexus or by other EBICS clients, otherwise data will be lost. + .. note:: If you want to use existing client keys, copy the JSON file to the configured path ``CLIENT_PRIVATE_KEYS_FILE`` (``/var/lib/libeufin-nexus/client-ebics-keys.json`` with the default config) before running the following commands. diff --git a/libeufin/regional-manual.rst b/libeufin/regional-manual.rst index beec5d0c..d2571b24 100644 --- a/libeufin/regional-manual.rst +++ b/libeufin/regional-manual.rst @@ -158,10 +158,15 @@ Grab a coffee. At this point, the setup is NOT connected to any fiat bank account! The next steps must always be done manually! +Multi-factor authentification ++++++++++++++++++++++++++++++ + +By default, multi-factor authentication via SMS and email is enabled. You have to manually configure both channels as described in :ref:`multi-factor authentication <libeufin-mfa>`. + Web-based Configuration +++++++++++++++++++++++ -This script sets up a regional currency with conversion rates of 1:1. You can change conversion rates and ``admin`` debt limit through the Web interface of the bank as the ``admin`` user. +By default, the regional currency conversion rates are 1:1. You can change the conversion rates and the ``admin`` debt limit via the bank's web interface as the ``admin`` user. Connecting to a Fiat Bank: the EBICS setup ++++++++++++++++++++++++++++++++++++++++++ @@ -221,7 +226,7 @@ these configuration options: Web-based Configuration +++++++++++++++++++++++ -Now you have to setup conversion rates and ``admin`` debt limit through the Web interface of the bank as the ``admin`` user. +Now you have to set the conversion rates and the ``admin`` debt limit via the bank's web interface as the ``admin`` user. .. _regional-conversion-setup: |