http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8148
Priority: P5 - low
Change sponsored?: ---
Bug ID: 8148
CC: [email protected]
Assignee: [email protected]
Summary: ldap authentication should FAIL if ldap contains NEW
password, and user types the PREVIOUS password
Severity: enhancement
Classification: Unclassified
OS: All
Reporter: [email protected]
Hardware: All
Status: NEW
Version: rel_3_8
Component: Authentication
Product: Koha

The way LDAP authentication works now is that the patron password is both in
LDAP and in MySQL, usually the primary location being LDAP.
If sys admins change the userpassword, it's changed directly in LDAP, and Koha
still has the old password stored in MySQL.
If the user then tries to log on with the OLD password, he should get 'access
denied'. But instead he/she gets in, using the old, no longer valid, password.
Various possible solutions:
The best one:
- an option not to store the password in MySQL AT ALL (passwords are very
sensitive info; I would like to store them in as few places as possible)
Two other solutions:
- a 'flush authentication cache' button in the staff interface?
- a syspref to select the order of precedence when authenticating a user?
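
The behaviour described in this report, modelled as an added example (not Koha's code and not part of the original message): a login that falls back to the locally stored password next to one where a rejection by LDAP is final. `LDAP_DIR` and `LOCAL_DB` are in-memory stand-ins for the directory and the MySQL table, the accounts and passwords are constructed, and the local-only account case is an assumption.

```python
import hashlib
import hmac
from enum import Enum

class Ldap(Enum):
    OK = 1            # bind succeeded
    REJECTED = 2      # account is in the directory, password is wrong
    NO_SUCH_USER = 3  # account is not in the directory (assumed local-only)

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

# Constructed sample data: alice's password was changed in LDAP, while the
# local table still holds a hash of her previous one.
LDAP_DIR = {"alice": "new-secret"}
LOCAL_DB = {"alice": (b"salt-a", _kdf("old-secret", b"salt-a")),
            "localstaff": (b"salt-b", _kdf("staff-pw", b"salt-b"))}

def ldap_bind(user, password):
    """Stand-in for a real LDAP bind against the directory."""
    if user not in LDAP_DIR:
        return Ldap.NO_SUCH_USER
    ok = hmac.compare_digest(LDAP_DIR[user].encode(), password.encode())
    return Ldap.OK if ok else Ldap.REJECTED

def local_check(user, password):
    if user not in LOCAL_DB:
        return False
    salt, stored = LOCAL_DB[user]
    return hmac.compare_digest(stored, _kdf(password, salt))

def login_with_fallback(user, password):
    """Reported behaviour: a failed LDAP check falls through to the local copy."""
    return ldap_bind(user, password) is Ldap.OK or local_check(user, password)

def login_ldap_authoritative(user, password):
    """A rejection by LDAP is final; the local table only serves non-LDAP accounts."""
    result = ldap_bind(user, password)
    if result is Ldap.REJECTED:
        return False
    if result is Ldap.OK:
        LOCAL_DB.pop(user, None)  # drop the stale local copy instead of keeping it
        return True
    return local_check(user, password)

if __name__ == "__main__":
    print("fallback, old password:     ", login_with_fallback("alice", "old-secret"))
    print("authoritative, old password:", login_ldap_authoritative("alice", "old-secret"))
```
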