diff options
| author | Antoine A <> | 2024-02-28 10:54:20 +0100 |
|---|---|---|
| committer | Antoine A <> | 2024-02-28 10:54:20 +0100 |
| commit | 4ebc8a8d83d06ff623484c85de9cb9a91b540e2b (patch) | |
| tree | f494d352ce89f0865187b4615bdadfaca589cdbf /libeufin | |
| parent | 6b67d45815fc08da537331ec58b20cbe6abe7318 (diff) | |
| download | docs-4ebc8a8d83d06ff623484c85de9cb9a91b540e2b.tar.gz docs-4ebc8a8d83d06ff623484c85de9cb9a91b540e2b.tar.bz2 docs-4ebc8a8d83d06ff623484c85de9cb9a91b540e2b.zip | |
Improve 2FA documentation
Diffstat (limited to 'libeufin')
| -rw-r--r-- | libeufin/bank-manual.rst | 2 | ||||
| -rw-r--r-- | libeufin/regional-automated-manual.rst | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/libeufin/bank-manual.rst b/libeufin/bank-manual.rst index 4b00635a..ab793b2b 100644 --- a/libeufin/bank-manual.rst +++ b/libeufin/bank-manual.rst @@ -109,7 +109,7 @@ libeufin-bank supports two-factor authentication. libeufin-bank uses helper scri SMS TAN channel +++++++++++++++ -The default ``libeufin-tan-sms.sh`` script is based on the `Telesign <https://www.telesign.com>`_ provider. It requires an additional ``AUTH_TOKEN`` environment variable for the `Telesign API <https://developer.telesign.com/enterprise/docs/authentication#basic-authentication>`_. +The default ``libeufin-tan-sms.sh`` script is based on the `Telesign <https://www.telesign.com>`_ SMS provider. It requires an additional ``AUTH_TOKEN`` environment variable for `Telesign Basic authentication <https://developer.telesign.com/enterprise/docs/authentication#basic-authentication>`_. To test your setup run: diff --git a/libeufin/regional-automated-manual.rst b/libeufin/regional-automated-manual.rst index ad821a1e..596fb12e 100644 --- a/libeufin/regional-automated-manual.rst +++ b/libeufin/regional-automated-manual.rst @@ -98,8 +98,8 @@ The script will start by installing required packages and then asking you fundam #. The DNS domain name of your setup (i.e: domain.tld). The installer will create by itself all the needed subdomains for your domain name, as (``bank.$DOMAIN``, ``exchange.$DOMAIN`` and ``backend.$DOMAIN``). But, these subdomain names as explained before, must have been added beforehand to your DNS domain control panel, and they must be pointing to the IP address of the server on which you are running the installation (before you execute the installer). #. Whether to use TLS or not. You should answer ``y`` in most cases. #. Whether to store Taler Exchange keys on this server or externally on another server. Unless you need a high-security setup and expect to run an offline key management process, say ``y``. If you say ``n``, you will need to run ``taler-exchange-offline setup`` on your offline system and provide the master public key. Furthermore, you should then study the exchange manual on offline key management to finish the exchange setup process later. -#. Whether to setup sms two-factor authentication using Telesign. You should answer ``y`` in most cases. -#. The admin password for the bank. Be absolutely sure to enter a very, very long and high-entropy password, preferably use the autogenerated one. +#. Whether to setup SMS two-factor authentication using `Telesign <https://www.telesign.com>`_, multi-factor authentication is strongly recommended, especially when regional currency can be converted to fiat currency. This requires `a Customer ID and an API Key <https://developer.telesign.com/enterprise/docs/authentication#basic-authentication>`_. You should answer ``y`` in most cases. +#. The admin password for the bank. Be absolutely sure to enter a very, very long and high-entropy password, preferably using the autogenerated one. The information you entered as well as the generated bank admin password will be stored in a file called ``config/user.conf``. If you run the script in |