################################################################################
#                                                                              #
# Write here your access permissions and login groups hierarchy.               #
#                                                                              #
################################################################################

<Login-Manager>
### General Settings ####
# These settings are common for all hosts.
	# if using Built-in method - set login file. This will be the path from the
	# host root.
	# Note that every host will look for the login file in the same relative place.
	# If this entry is empty - server use DAA login.
	<Login-Page> Login.bns </Login-Page>

	# This file user sees if cannot get page. User will get this file if she
	# logged in but don't belong to a group that can access this page.
	# Same note as in Login-Page.
	<Denied-Page> deny.html </Denied-Page>

	# This file to holds the usernames-passwords database. path is either
	# absolute, or relative to Beesnest executable.
	<Users-File> users.inf </Users-File>

	# Auto insert cookie with one-time random code, after login.
	# This is useful when using the Built-in login method, and you want to keep
	# the rendom code using cookies. You can also use it with DAA, then DAA will
	# be used just for initial login, and the rest will be done with rendom-code
	# cookies. Note that these cookies are transfered as clear text!
	<Auto-Cookie> yes </Auto-Cookie>

	<Stale> 60 </Stale>			# DAA challenge response time limit [sec]
	<Expire> 1200 </Expire>		# Unused challenges expire after...	[sec]

	# Old one-time-code is still good for [Sec]. This is useful when using the
	# built-in method. Sometime a browser will ask for more then one protected
	# page at the same time (multiple threads). The first request will have the
	# correct random code, but the rest of the requests will have the same code
	# which will be expired by the time the sever will process them. This
	# setting allow the server to accept an old code from the same client for few
	# more seconds (one will be enough). The server remembers just one code back.
	# This will somewhat weaken the security, if you do not need it, set the
	# value to 0.
	<Old-Code-Life> 1 </Old-Code-Life>


### Groups Settings ###
# Write here your groups hierarchy. you can enter either usernames or other groups
# below a certain group entry (but not both!). You can enter a username in more
# then one place. A user is belong to a group if her username is somewhere under
# the group entry.
	<Groups>
		<My-Users>
			<Group1>
				erezbibi
				someuser
			</Group1>
			<Admin>
				root
			</Admin>
		</My-Users>
	</Groups>

### Protected Pages Settings ###
# The protected pages are divided to hosts. you can protect a single page, or a
# directory (and everything that in it). Dot (.) is the host root. always start
# your path with dot, and keep everything in lower-case letters.
# <.> will protect the entire host!
	<Access>
		<Default-Host>
			<./test.html> Admin </./test.html>
			<./test-folder> My-Users </./test-folder>
		</Default-Host>
		<Other-Host>
			<./some.file> Admin </./some.file>
		</Other-Host>
	</Access>

</Login-Manager>