X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=debian%2Fgigi.properties.5;h=c0cc96df84c411b751f9bd27e44bcb093eb08a7b;hp=fc54d8b8d1d74ac7b66eb8d3948671e01a829986;hb=135e6c4a1a81bb3ea5db81d5d3a619f0c30130ab;hpb=3bcfce78399cac2b4f7ad36853a28c866e3fb721

diff --git a/debian/gigi.properties.5 b/debian/gigi.properties.5
index fc54d8b8..c0cc96df 100644
--- a/debian/gigi.properties.5
+++ b/debian/gigi.properties.5
@@ -124,6 +124,16 @@ Defaults to \fI25\fR.
 A path to a plain text file of Internet domain names, one per line,
 which Gigi should refuse to issue certificates to.
 .TP
+.B knownPasswordHashes
+A path to a file of SHA-1 hashes of known passwords.
+The file should contain the hashes in binary format, without any separators, and should be sorted.
+Gigi will refuse user passwords with hashes that are found in this file.
+If this option is specified, Gigi will refuse startup if the file cannot be opened,
+otherwise it will attempt to use the file
+.I /usr/share/pwned-passwords/pwned-passwords.bin
+(provided by the \fBpwned-passwords-bin\fR package)
+but continue startup if the file cannot be opened.
+.TP
 .B time.testValidMonths
 The maximum time, in months, for which a passed agent quiz is considered recent.
 Defaults to \fI12\fR.