User encryption aims to provide secure, personal storage of sensitive data, e.g. external usernames and passwords.
When linking multiple systems together, it is often necessary to have a username and a password for the target system available in order to log in. The other system can be an external database, a web service, etc.
User Encryption enables secure storage of such external log-in credentials. The decryption key is not stored by Tiki, and it is only available when the user is logged in.
- This is a new and experimental feature in Tiki 13 and has been backported to Tiki 12.2, so it is available (as experimental) in the LTS version
- Use the Domain Password module to allow the user to specify username and password
- Accessing a domain requires custom code that integrates CryptLib. CryptLib provides the decrypted domain credentials
See also User Encryption.
Each linked system makes up a "password domain". Multiple users can log in to a domain. A password domain has a name. The name must be unique.
The interface to a linked system uses the password domain name to look up a user's credentials for the system.
The module "Domain Password" prompts the user for a password.
The password is encrypted and saved in association with the domain specified in the module.
Configure in the Admin / Security panel.
Make sure OpenSSL (Tiki 18+) or Mcrypt (Tiki pre-18) is available.
The names of the password domains must be unique.
The module "Domain Password" allows users to specify a password (and possibly a username) for a domain. Only defined password domains can be specified.
By default, the username of the currently logged-in Tiki user will be used. By setting "Use current user" = "n", the user must also specify a username.
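
The storage model described above (per-domain credentials encrypted under a key that exists only while the user is logged in), sketched as an added example that is not Tiki's CryptLib code. The class name, the PBKDF2 derivation from the login password and the AES-256-GCM record layout are assumptions made for illustration; it needs PHP 8 with the OpenSSL extension.

```php
<?php
// Added illustration, NOT Tiki's CryptLib; every name here is hypothetical.
// Assumption: the per-user key is derived from the login password (PBKDF2)
// and exists only for the session. The page does not specify the derivation.
final class DomainCredentialStore
{
    private const CIPHER = 'aes-256-gcm';
    private array $rows = []; // stands in for persistent storage: ciphertext only

    public function __construct(private array $domains) {}

    // Called at login; the key itself is never written to storage.
    public static function deriveKey(string $loginPassword, string $salt): string
    {
        return hash_pbkdf2('sha256', $loginPassword, $salt, 200000, 32, true);
    }

    public function save(string $user, string $domain, string $secret, string $key): void
    {
        if (!in_array($domain, $this->domains, true)) {
            throw new InvalidArgumentException("Undefined password domain: $domain");
        }
        $iv = random_bytes(12);
        // User and domain are authenticated data, so a row cannot be moved elsewhere.
        $ct = openssl_encrypt($secret, self::CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, "$user\0$domain");
        if ($ct === false) {
            throw new RuntimeException('Encryption failed');
        }
        $this->rows["$user\0$domain"] = $iv . $tag . $ct; // 12-byte IV, 16-byte tag, ciphertext
    }

    // Returns null when no row exists or the key does not match.
    public function load(string $user, string $domain, string $key): ?string
    {
        $raw = $this->rows["$user\0$domain"] ?? '';
        if (strlen($raw) < 28) {
            return null;
        }
        $pt = openssl_decrypt(substr($raw, 28), self::CIPHER, $key, OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16), "$user\0$domain");
        return $pt === false ? null : $pt;
    }
}

// Constructed sample values.
$store = new DomainCredentialStore(['crm', 'reporting-db']);
$salt  = random_bytes(16);
$key   = DomainCredentialStore::deriveKey('login-password-example', $salt);
$store->save('alice', 'crm', 'external-secret-example', $key);
var_dump($store->load('alice', 'crm', $key));  // key from the correct login password
var_dump($store->load('alice', 'crm', DomainCredentialStore::deriveKey('other', $salt)));
```

Because only ciphertext and the salt are persisted, a copy of the stored rows does not reveal the external credentials without the user's login-time key.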