add remote validation setting (#213)

pretendWhale · Donny Wong · commit e0e51d15a335 · 2024-05-10T10:10:35.000-04:00
diff --git a/Configuration.md b/Configuration.md
@@ -81,6 +81,7 @@ queues:
 redis:
   url: # url of a running redis database
 validate_file: # (See "User Authentication Options" below)
+remote_validate_file: # (See "User Authentication Options" below)
 validate_ip: # (See "User Authentication Options" below)
 validate_custom_status_message: # (See "User Authentication Options" below)
 validate_user_not_allowed_message: # (See "User Authentication Options" below)
@@ -220,6 +221,12 @@ validate_custom_status_message:
 local_auth_login_name: shibboleth
 ```
 
+Additionally, MarkUs can be set to restrict remote logins based on username and/or IP when using remote authentication.
+
+**To enable restricted remote authentication, set the following setting:**
+
+- `remote_validate_file:` an absolute path to a script that expects input from stdin (user name, password (blank), and IP address; separated by "\n") and returns 0 if the user is authenticated and any other positive integer otherwise.
+
 ### Logout redirect
 
 The `logout_redirect` setting determines where the user will be redirected when they logout of MarkUs. It can be one of `DEFAULT`, `NONE`, or a URL.
