auth

Enables sign-in for the admin UI. Uses OPAQUE: the password never reaches the server, so there is nothing to leak or seed — hence ./cms create-admin, ./cms def-help and invite links instead of default credentials.

keydefaultdescription
session_ttl_minutes120session lifetime, max 43200 (30 days)
cookie_namecms_sessionsession cookie (HttpOnly)
rate_limit5 / 10sign-in attempts per minute: per_ip_per_minute and per_login_per_minute

New users are created via invite links (admin → Users; the link is valid 24 hours, single use). Any signed-in user can change their password from the Dashboard.

← All articles in this group