# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1669637188 0
# Node ID 6594e7a9a1747a8bc7c26f3bcdbad6f0177c05a8
# Parent  ec9bca2ac2b557242c9ddbe4c487616e5b81a059
mod_sasl2_fast: Add README

diff -r ec9bca2ac2b5 -r 6594e7a9a174 mod_sasl2_fast/README.md
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_sasl2_fast/README.md	Mon Nov 28 12:06:28 2022 +0000
@@ -0,0 +1,31 @@
+---
+labels:
+- Stage-Beta
+summary: "Fast Authentication Streamlining Tokens"
+---
+
+This module implements a mechanism via which clients can exchange a password
+for a secure token, improving security and streamlining future reconnections.
+
+At the time of writing, the XEP that describes the FAST protocol is still
+working its way through the XSF standards process. You can [view the FAST XEP
+proposal here](https://xmpp.org/extensions/inbox/xep-fast.html).
+
+This module depends on [mod_sasl2].
+
+## Configuration
+
+| Name                      | Description                                            | Default               |
+|---------------------------|--------------------------------------------------------|-----------------------|
+| sasl2_fast_token_ttl      | Default token expiry (seconds)                         | `86400*21` (21 days)  |
+| sasl2_fast_token_min_ttl  | Time before tokens are eligible for rotation (seconds) | `86400` (1 day)       |
+
+The `sasl2_fast_token_ttl` option determines the length of time a client can
+remain disconnected before being "logged out" and needing to authenticate with
+a password. Clients must perform at least one FAST authentication within this
+period to remain active.
+
+The `sasl2_fast_token_min_ttl` option defines how long before a token will be
+rotated by the server. By default a token is rotated if it is older than 24
+hours. This value should be less than `sasl2_fast_token_ttl` to prevent
+clients being logged out unexpectedly.