commit bcb0468f55def20361cdca493eef54fc9004f4f9
parent 289bbd7a3be772e64ccc1fcc141f255c543c9e9e
Author: Antoine A <>
Date: Thu, 15 Feb 2024 15:06:50 +0100
Improve regional currency manual
Diffstat:
3 files changed, 28 insertions(+), 18 deletions(-)
diff --git a/libeufin/bank-manual.rst b/libeufin/bank-manual.rst
@@ -104,16 +104,25 @@ The following snippet shows the mandatory configuration values:
Configuring multi-factor authentication
---------------------------------------
-libeufin-bank uses helper scripts to send challenge codes to addresses for
-multi-factor authentication. By default, those helper scripts are
-``libeufin-tan-email.sh`` to send e-mails and ``libeufin-tan-sms.sh`` to send
-SMS. It is possible to replace these scripts with use custom scripts to send
-the e-mail or SMS TAN.
+libeufin-bank supports two factor authentification. libeufin-bank uses helper scripts to send challenge codes to addresses for multi-factor authentication. By default, those helper scripts are ``libeufin-tan-email.sh`` to send e-mails and ``libeufin-tan-sms.sh`` to send SMS. To enable two factor authentication you need to configure at least one TAN channel:
-Such alternative scripts must accept the phone number / e-mail address as the
-``$1`` parameter and the message content to be transmitted in their standard
-input. They should return 0 to indicate successful transmission of the
-challenge, and non-zero on failure.
+.. code-block:: ini
+
+ [libeufin-bank]
+ TAN_SMS = libeufin-tan-sms.sh
+ # And/Or
+ TAN_EMAIL = libeufin-tan-email.sh
+
+.. note::
+
+ The default ``libeufin-tan-sms.sh`` script is based on the `Telesign <https://www.telesign.com>`_ provider. It requires an additional ``telesign-secrets`` script in the PATH that sets the ``CUSTOMER_ID`` and the ``API_KEY`` for the Telesign API.
+
+.. note::
+
+ The default ``libeufin-tan-email.sh`` script is based on the ``mail`` linux command. It requires a working local mail transfer agent.
+
+It is possible to replace these scripts with use custom scripts to send
+the e-mail or SMS TAN. Such alternative scripts must accept the phone number / e-mail address as the ``$1`` parameter and the message content to be transmitted in their standard input. They should return 0 to indicate successful transmission of the challenge, and non-zero on failure.
To change the scripts used for multi-factor authentication, change the following
options in the configuration file:
@@ -124,13 +133,6 @@ options in the configuration file:
TAN_SMS = custom-tan-sms.sh
TAN_EMAIL = custom-tan-email.sh
-.. note::
-
- The default ``libeufin-tan-sms.sh`` script is based on the `Telesign
- <https://www.telesign.com>`_ provider. It requires an additional local
- resource file or environment variables with your Telesign credentials to
- exist.
-
Launching libeufin-bank
=======================
diff --git a/libeufin/nexus-manual.rst b/libeufin/nexus-manual.rst
@@ -125,6 +125,9 @@ The following snippet shows the mandatory configuration values:
Refer to the manpage ``libeufin-nexus.conf(5)``
for the full array of configuration values.
+.. warning::
+ This combination of HOST_ID, USER_ID and PARTNER_ID must never be used by another instance of libeufin-nexus or by other EBICS clients, otherwise data will be lost.
+
.. note::
If you want to use existing client keys, copy the JSON file to the configured path ``CLIENT_PRIVATE_KEYS_FILE`` (``/var/lib/libeufin-nexus/client-ebics-keys.json`` with the default config) before running the following commands.
diff --git a/libeufin/regional-manual.rst b/libeufin/regional-manual.rst
@@ -158,10 +158,15 @@ Grab a coffee.
At this point, the setup is NOT connected to any fiat bank account! The next
steps must always be done manually!
+Multi-factor authentification
++++++++++++++++++++++++++++++
+
+By default, multi-factor authentication via SMS and email is enabled. You have to manually configure both channels as described in :ref:`multi-factor authentication <libeufin-mfa>`.
+
Web-based Configuration
+++++++++++++++++++++++
-This script sets up a regional currency with conversion rates of 1:1. You can change conversion rates and ``admin`` debt limit through the Web interface of the bank as the ``admin`` user.
+By default, the regional currency conversion rates are 1:1. You can change the conversion rates and the ``admin`` debt limit via the bank's web interface as the ``admin`` user.
Connecting to a Fiat Bank: the EBICS setup
++++++++++++++++++++++++++++++++++++++++++
@@ -221,7 +226,7 @@ these configuration options:
Web-based Configuration
+++++++++++++++++++++++
-Now you have to setup conversion rates and ``admin`` debt limit through the Web interface of the bank as the ``admin`` user.
+Now you have to set the conversion rates and the ``admin`` debt limit via the bank's web interface as the ``admin`` user.
.. _regional-conversion-setup:
