https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21997 --- Comment #7 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 84992 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=84992&action=edit Bug 21997 - SIP patron information requests can lock patron out of account Many SIP services send an empty password field (AD). Even if allow_empty_passwords is enabled for the given SIP account, this empty password is run though Koha's password checker which increments the number of login attempts for a patron. Thus repeated patron information requests can lock a patron out! Empty password fields in SIP should not call for a password check if allow_empty_passwords is enabled. Test Plan: 1) Enable a patron password attempt with a limit of 3 2) Send 4 patron information requests with an empty AD field 3) Note the patron's account is now locked 4) Apply this patch 5) Repeat step 2 with a different patron 6) Note the patron's account does not get locked! Signed-off-by: Charles Farmer <charles.farmer@inLibro.com> -- You are receiving this mail because: You are watching all bug changes.