From f687937ae8b13db4e7416518b81d360b1190459b Mon Sep 17 00:00:00 2001 From: ainsley Date: Thu, 7 Jun 2018 14:09:53 -0500 Subject: [PATCH] Included review updates by @ColinSullivan1 & @ derekcollison Update to gnatsd/README.md clarifying single-user and token-based authentication issue #316 [ci skip] --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 3e7630c2..9e256993 100644 --- a/README.md +++ b/README.md @@ -486,7 +486,7 @@ You can also enable token-based authentication and set the credentials in the se ``` authorization { - # You can generate the token using /util/mkpasswd.go + #cleartext is supported but it is recommended you encrypt tokens with util/mkpasswd.go token: S3Cr3T0k3n! timeout: 1 } @@ -500,7 +500,7 @@ nats://'S3Cr3T0k3n!'@localhost:4222 **Encrypting passwords and tokens** -Passwords and tokens ideally should be be obfuscated with [bcrypt](#bcrypt). Anywhere in a configuration file you store a password you should use the mkpasswd utility to encrypt the password or token and use that value instead. +Passwords and tokens ideally should be be encrypted with [bcrypt](#bcrypt). Anywhere in a configuration file you store a password or token, you should use the mkpasswd utility to encrypt the password or token and use that value instead. >Note that clients always use the password or token directly to connect, not the bcrytped value. To do this, use the mkpasswd utility. You can pass the -p parameter to the mkpasswd utility to set your own password. 
@@ -523,10 +523,10 @@ authorization { } ``` -If you want the mkpasswd util to generate a password or token for you, run it without the -p parameter. +If you want the mkpasswd utility to generate a password or token for you, run it without the -p parameter. ``` $ go run util/mkpasswd.go -pass: D#6)e0ht^@61kU5!^!owrX // Generated NATS client password (or token) +pass: D#6)e0ht^@61kU5!^!owrX // NATS client encrypted with Bcrypt password (or token) bcrypt hash: $2a$11$bXz1Mi5xM.rRUnYRT0Vb2el6sSzVrqA0DJKdt.5Itj1C1K4HT9FDG // server configuration authorization password (or token) ```
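Review bot: In the first hunk (@@ -486,7 +486,7 @@), the new config comment says tokens should be "encrypted" with util/mkpasswd.go, but the output shown later in this patch is labelled "bcrypt hash:", and a bcrypt hash is one-way, not reversible encryption. Suggest wording such as "# Cleartext is supported, but it is recommended that you hash tokens with util/mkpasswd.go", with a space after the "#" to match the other comment style. The example directly below the comment still sets token: S3Cr3T0k3n! in cleartext, so the sample contradicts the recommendation it sits under; consider showing the bcrypt value there or stating that the cleartext form is for illustration only.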
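Review bot: In the second hunk (@@ -500,7 +500,7 @@), the rewritten sentence keeps the duplicated word in "should be be encrypted", and replacing "obfuscated" with "encrypted" trades one inaccurate term for another, since the link target is bcrypt and the value stored in the configuration is a hash. Suggest "Passwords and tokens ideally should be hashed with [bcrypt](#bcrypt)" and "use the mkpasswd utility to hash the password or token". The heading "Encrypting passwords and tokens" and the typo "bcrytped" in the unchanged Note line are worth fixing in the same pass, because the Note is the only place that tells readers clients must send the original value rather than the hash.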
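Review bot: In the third hunk (@@ -523,10 +523,10 @@), the new comment on the "pass:" line, "NATS client encrypted with Bcrypt password (or token)", describes the wrong value: "pass:" is the generated cleartext that clients connect with, and the bcrypt output is the next line, "bcrypt hash:". A reader following the new comment could put the cleartext value into the server configuration or hand the hash to clients. Suggest keeping the previous wording or making the contrast explicit, for example "// generated cleartext password (or token) used by NATS clients", and leaving the "bcrypt hash:" comment as the server-side value.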