http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8148 Priority: P5 - low Change sponsored?: --- Bug ID: 8148 CC: dpavlin@rot13.org Assignee: gmcharlt@gmail.com Summary: ldap authentication should FAIL if ldap contains NEW password, and user types the PREVIOUS password Severity: enhancement Classification: Unclassified OS: All Reporter: heupink@gmail.com Hardware: All Status: NEW Version: rel_3_8 Component: Authentication Product: Koha The way ldap authentication works now is that the patron password is both in ldap and in mysql, usually the primary location being ldap. If sys admins change the userpassword, it's changed directly in ldap, and koha still has the old password stored in mysql. If the user then tries to logon with the OLD password, he should get 'access denied'. But instead he/she gets in, using the old, no longer valid, password. Various possible solutions: The best one: - an option not to store the password in mysql AT ALL (passwords are very sensitive info, I would like to store them in as few places as possible) Two other solutions: - a 'flush authentication cache' button in the staff interface? - a syspref to select the order of precedence when authenticating a user? -- You are receiving this mail because: You are watching all bug changes.