[Koha-bugs] [Bug 8148] New: ldap authentication should FAIL if ldap contains NEW password, and user types the PREVIOUS password

bugzilla-daemon at bugs.koha-community.org
Thu May 24 15:17:45 CEST 2012


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8148

          Priority: P5 - low
 Change sponsored?: ---
            Bug ID: 8148
                CC: dpavlin at rot13.org
          Assignee: gmcharlt at gmail.com
           Summary: ldap authentication should FAIL if ldap contains NEW
                    password, and user types the PREVIOUS password
          Severity: enhancement
    Classification: Unclassified
                OS: All
          Reporter: heupink at gmail.com
          Hardware: All
            Status: NEW
           Version: rel_3_8
         Component: Authentication
           Product: Koha

The way LDAP authentication works now is that the patron password is both in
LDAP and in MySQL, usually the primary location being LDAP.

If sys admins change the userpassword, it's changed directly in LDAP, and Koha
still has the old password stored in MySQL.

If the user then tries to log on with the OLD password, he should get 'access
denied'. But instead he/she gets in, using the old, no longer valid, password.

Various possible solutions:

The best one:
- an option not to store the password in MySQL AT ALL (passwords are very
sensitive info, I would like to store them in as few places as possible)

Two other solutions:
- a 'flush authentication cache' button in the staff interface?
- a syspref to select the order of precedence when authenticating a user?

-- 
You are receiving this mail because:
You are watching all bug changes.
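
The fallback behaviour reported above, next to a fail-closed ordering, as an added example that is not part of the original report and is not Koha's code. It is a simplified Python model: `directory_bind`, `local_check`, the account names and the passwords are hypothetical stand-ins and constructed sample data.

```python
import hashlib
import hmac

SALT = b"constructed-salt"  # constructed value, for this example only


def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


# Constructed state matching the report: the directory holds the NEW password,
# the local table still holds a hash of the PREVIOUS one.
DIRECTORY = {"patron1": "new-secret"}             # stands in for the LDAP server
LOCAL_DB = {
    "patron1": _hash("old-secret"),               # stale local copy
    "staff-local": _hash("local-only"),           # account unknown to the directory
}


def directory_bind(user, password):
    """Hypothetical stand-in for an LDAP bind: 'ok', 'invalid' or 'unknown'."""
    if user not in DIRECTORY:
        return "unknown"
    same = hmac.compare_digest(DIRECTORY[user].encode(), password.encode())
    return "ok" if same else "invalid"


def local_check(user, password):
    stored = LOCAL_DB.get(user)
    return stored is not None and hmac.compare_digest(stored, _hash(password))


def login_with_fallback(user, password):
    """Reported behaviour: any directory failure falls through to the local copy."""
    return directory_bind(user, password) == "ok" or local_check(user, password)


def login_fail_closed(user, password):
    """Directory is authoritative for accounts it knows; its rejection is final."""
    result = directory_bind(user, password)
    if result == "ok":
        return True
    if result == "invalid":
        return False                      # never consult the stale local hash
    return local_check(user, password)    # only for accounts the directory lacks


if __name__ == "__main__":
    print("fallback, old password:", login_with_fallback("patron1", "old-secret"))
    print("fail-closed, old password:", login_fail_closed("patron1", "old-secret"))
```

The fail-closed variant corresponds to the "order of precedence" option; not storing a local hash for directory-backed accounts removes the stale credential entirely.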

