https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21997 Charles Farmer <charles.farmer@inlibro.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #83183|0 |1 is obsolete| | --- Comment #2 from Charles Farmer <charles.farmer@inlibro.com> --- Created attachment 84230 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=84230&action=edit Bug 21997 - SIP patron information requests can lock patron out of account Many SIP services send an empty password field (AD). Even if allow_empty_passwords is enabled for the given SIP account, this empty password is run though Koha's password checker which increments the number of login attempts for a patron. Thus repeated patron information requests can lock a patron out! Empty password fields in SIP should not call for a password check if allow_empty_passwords is enabled. Test Plan: 1) Enable a patron password attempt with a limit of 3 2) Send 4 patron information requests with an empty AD field 3) Note the patron's account is now locked 4) Apply this patch 5) Repeat step 2 with a different patron 6) Note the patron's account does not get locked! Signed-off-by: Charles Farmer <charles.farmer@inLibro.com> -- You are receiving this mail because: You are watching all bug changes.