[Bug 9936] New: SIP2 should use C4/Auth.pm for user authentication
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9936 Bug ID: 9936 Summary: SIP2 should use C4/Auth.pm for user authentication Classification: Unclassified Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: SIP2 Assignee: koha-bugs@lists.koha-community.org Reporter: katrin.fischer@bsz-bw.de CC: colin.campbell@ptfs-europe.com SIP2 checks the password directly against the database instead of using C4/Auth.pm. This means that it won't work with LDAP and possibly CAS. Also, we should do authentication the same everywhere in Koha to ensure consistency. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9936 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |http://bugs.koha-community. | |org/bugzilla3/show_bug.cgi? | |id=10372 -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9936 Dobrica Pavlinusic <dpavlin@rot13.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dpavlin@rot13.org -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9936 Petter Goksøyr Åsen <boutrosboutrosboutros@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |boutrosboutrosboutros@gmail | |.com -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9936 --- Comment #1 from Colin Campbell <colin.campbell@ptfs-europe.com> --- For login authentication it calls C4/Auth check_api_auth ( so the fact it checks the password in the config file is a bit redundant) For patron status it checks against the db if a password is sent or will accept ''. For patron information the password is not a required field. The sip logic is that the borrower barcode is the patron's token allowing them to request to borrow books. A quick look at the checkpw routines in Auth suggests that they are doing more than testing the validity of the password as they are setting up parameters for a user session and I think we'd need a simpler 'is_this_password_valid' interface to Auth, but that could easily replace the call currently in ILS/Patron.pm -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9936 --- Comment #2 from Colin Campbell <colin.campbell@ptfs-europe.com> --- Patch for 9611 switches to callingC4::Auth for password validation but still bypasses ldap & CAS -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org