From d7df42ae13a2a9bfb73a76ed96997dad88a794a9 Mon Sep 17 00:00:00 2001
From: David Tulloh <git-david@tulloh.id.au>
Date: Tue, 31 May 2016 18:24:05 +0200
Subject: [PATCH] Document the new digest_algo parameter

---
 docs/plugins.rst |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/docs/plugins.rst b/docs/plugins.rst
index 21c0b33..2eb7996 100644
--- a/docs/plugins.rst
+++ b/docs/plugins.rst
@@ -69,7 +69,8 @@
 
   An :class:`AuthTktCookiePlugin` is an ``IIdentifier`` and ``IAuthenticator``
   plugin which remembers its identity state in a client-side cookie.
-  This plugin uses the ``paste.auth.auth_tkt``"auth ticket" protocol.
+  This plugin uses the ``paste.auth.auth_tkt``"auth ticket" protocol and
+  is compatible with Apache's mod_auth_tkt.
   It should be instantiated passing a *secret*, which is used to encrypt the
   cookie on the client side and decrypt the cookie on the server side.
   The cookie name used to store the cookie value can be specified
@@ -96,6 +97,13 @@
    ``urllib.urlencode`` function (``urllib.urlparse.urlencode`` in python 3).
    Saving keys/values with unicode characters is supported only under python 3.
 
+.. note::
+   Plugin supports multiple digest algorithms. It defaults to md5 to match
+   the default for mod_auth_tkt and paste.auth.auth_tkt. However md5 is not
+   recommended as there are viable attacks against the hash. Any algorithm
+   from the hashlib library can be specified, currently only sha256 and sha512
+   are supported by mod_auth_tkt.
+
 .. module:: repoze.who.plugins.basicauth
 
 .. class:: BasicAuthPlugin(realm)

--
Gitblit v1.9.3