Size of the permissions cache.

The timeout for the credentials cache, in seconds.

Salt for version 3 initial MD5 credentials hash (username:salt:password).

The connection string for connecting to the auth database.

The name of the database connector for the auth database.

The database session timeout. If the session has not been used for the given time (in seconds), it will be discarded and a new session created. Note: this is different from a connection timeout specified in the connection string. A timeout of 0 disables the timeout mechanism.

The version of the password has to use:

• 1: MD5 with common salt (original, no longer considered secure)
• 2: PBKDF2 with HMAC-SHA1 and per-user random salt
• 3: PBKDF2 with HMAC-SHA1 and per-user random salt with additional MD5 password pre-hashing, allowing implementation of secure challenge-response authentication mechanisms such as SCRAM-SHA1 (recommended).
• 4: Like version 3, but using PBKDF2 with HMAC-SHA256, SHA1 pre-hasing, a minimum of 50.000 iterations and minimum salt length of 8 bytes.

Account lockout time in seconds after maxFailures failed login attempts. Set to 0 to disable lockout after too many login failures.

Maximum login failures before lockout; set to 0 to disable automatic lockout on too many login failures.

A set of usernames that should never be locked out after too many login failures. This typically includes the main administrator account, in order to prevent the administrator from being locked out through a DoS attack.

The number of iterations in the PBKDF2 algorithm.

The length of the random per-user salt in bytes.