[Koha-bugs] [Bug 5995] Glitch with checkauth
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri May 13 16:43:57 CEST 2011
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5995
Ian Walls <ian.walls at bywatersolutions.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|rel_3_4 |rel_3_6
Patch Status|Signed Off |Passed QA
--- Comment #10 from Ian Walls <ian.walls at bywatersolutions.com> 2011-05-13 14:43:57 UTC ---
The problem:
Unless cardnumber = userid in your system, completely unprivileged patrons can
log into the staff client (with superlibrarian privileges) with their
cardnumber and password. This DOES NOT depend on CAS or LDAP.
After applying the patch:
1. unprivileged users can no longer log into the staff client with
cardnumber/password (problem resolved)
2. privileged users can still log into the staff client, either with username
or cardnumber, and their correct privileges are retained
3. both privileged and unprivileged users can log into the OPAC as normal
Testing regimen does not include LDAP or CAS testing, since that level of
authentication is done before falling back to cardnumber authentication.
Marking this patch as Passed QA.
--
Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.
More information about the Koha-bugs
mailing list