http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9936 --- Comment #1 from Colin Campbell <colin.campbell@ptfs-europe.com> --- For login authentication it calls C4/Auth check_api_auth ( so the fact it checks the password in the config file is a bit redundant) For patron status it checks against the db if a password is sent or will accept ''. For patron information the password is not a required field. The sip logic is that the borrower barcode is the patron's token allowing them to request to borrow books. A quick look at the checkpw routines in Auth suggests that they are doing more than testing the validity of the password as they are setting up parameters for a user session and I think we'd need a simpler 'is_this_password_valid' interface to Auth, but that could easily replace the call currently in ILS/Patron.pm -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.