@node Passwords
@unnumbered Password authentication
-Password authentication is required for packages uploading.
-You have to store your authentication data in @option{-passwd} file in
-following format:
+Password authentication is required for packages uploading. Passwords
+are dynamically changed through the FIFO file. You have to create it and
+use in @option{-passwd} option. Optionally, to list currently present
+logins use another FIFO and @option{-passwd-list} option:
@example
-username:hashed-password
+$ mkfifo passwd passwd-list
+$ gocheese -passwd passwd -passwd-list passwd-list ...
@end example
-Empty lines and having @verb{|#|} at the beginning are skipped.
+Then you must feed it newline-separated records in following format:
+
+@example
+username:hashed-password
+@end example
-Supported hashing algorithms are:
+Where @code{hashed-password} is in one of following algorithms:
@table @asis
@item @url{https://www.argon2i.com/, Argon2i} (recommended one!)
To get Argon2i hashed-password you can use any of following tools:
+
@itemize
- @item go get @url{https://github.com/balakhonova/argon2i,
- github.com/balakhonova/argon2i} (Go)
+ @item @code{go get @url{https://github.com/balakhonova/argon2i,
+ github.com/balakhonova/argon2i}} (Go)
@item @url{https://github.com/p-h-c/phc-winner-argon2} (C)
@end itemize
+
Example user @code{foo} with password @code{bar} can have the
following password file entry:
You can use your operating system tools:
@example
-# BSD-based systems:
-$ echo -n "password" | sha256
-
-# GNU/Linux-based systems
-$ echo -n "password" | sha256sum
+$ echo -n "password" | `command -v sha256 || echo sha256sum`
@end example
Example user @code{foo} with password @code{bar} will have the
@end table
-You can refresh passwords by sending @code{SIGHUP} signal to the working daemon:
+To add or update password entry:
@example
-$ pkill -HUP gocheese
-$ kill -HUP `pidof gocheese`
-$ svc -h /var/service/gocheese
+$ echo foo:$sha256$... > passwd
+$ cat passwords.txt > passwd
@end example
-Before refreshing it's recommended to check @option{-passwd} file with
-@option{-passwd-check} option to prevent daemon failure.
+To delete login entry use empty password:
+
+@example
+$ echo foo: > passwd
+@end example
+
+You can also check you passwords file with:
+
+@example
+$ gocheese -passwd-check < passwords.txt
+$ echo $?
+@end example