mod_sasl2_fast: Fix harmless off-by-one error (invalidates existing tokens!) Problem: This was causing the key to become "<token>--cur" instead of the expected "<token>-cur". As the same key was used by the code to both set and get, it still worked. Rationale for change: Although it worked, it's unintended, inconsistent and messy. It increases the chances of future bugs due to the unexpected format. Side-effects of change: Existing '--cur' entries will not be checked after this change, and therefore existing FAST clients will fail to authenticate until they attempt password auth and obtain a new FAST token. Existing '--cur' entries in storage will not be cleaned up by this commit, but this is considered a minor issue, and okay for the relatively few FAST deployments.

---
summary: Block s2s connections based on admin blocklists
...

This module uses the blocklists set by admins for blocking s2s
connections.

So if an admin blocks a bare domain using [Blocking Command][xep191]
via [mod\_blocklist][doc:modules:mod_blocklist] then no s2s connections
will be allowed to or from that domain.

# Configuring

## Prosody 0.12

Starting with Prosody 0.12, the role or roles that determine whether a
particular users blocklist is used can be configured:

```lua
-- This is the default:
admin_blocklist_roles = { "prosody:operator", "prosody:admin" }
```

## Prosody 0.11

In Prosody 0.11 the [`admins`][doc:admins] setting is used.