From a8085e4ae47ce94ae5a3802cb3c3e31a345bef99 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Mon, 8 May 2023 23:23:57 +0200
Subject: clarifications to challenger docu

---
 manpages/challenger.conf.5.rst | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'manpages')

diff --git a/manpages/challenger.conf.5.rst b/manpages/challenger.conf.5.rst
index 6081a893..a46b8461 100644
--- a/manpages/challenger.conf.5.rst
+++ b/manpages/challenger.conf.5.rst
@@ -58,6 +58,20 @@ UNIXPATH_MODE = 660
 DB
   Plugin to use for the database, e.g. “postgres”.
 
+VALIDATION_DURATION
+  How long is a validation challenge valid. After this time period, a fresh random challenge code will be generated and the retry limit counter (against guessing attacks) will be reset (to 3).
+
+VALIDATION_EXPIRATION
+  How long is a validation allowed to take (time from
+  ``/setup`` to ``/token``). After this time, the garbage collection process can delete all associated data. (Note that tokens will always allow access to 1h after they have been issued, regardless of when the validation expires).
+
+AUTH_COMMAND
+  Which command should we execute to transmit the challenge code to the address. The address is given as the first argument, while the message to send is provided on stdin. Templates (possibly without the necessary credentials) for such commands are provided as challenger-send-email.sh, challenger-send-post.sh and challenger-send-sms.sh.
+
+ADDRESS_TYPE
+  Type of the address that is being collected, returned as part of the ``address_type`` in the ``/info`` endpoint. Examples include ``email`` or ``phone``.
+
+
 
 SEE ALSO
 ========
-- 
cgit v1.2.3