[Koha-bugs] [Bug 8148] New: ldap authentication should FAIL if ldap contains NEW password, and user types the PREVIOUS password
bugzilla-daemon at bugs.koha-community.org
Thu May 24 15:17:45 CEST 2012
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8148
Priority: P5 - low
Change sponsored?: ---
Bug ID: 8148
CC: dpavlin at rot13.org
Assignee: gmcharlt at gmail.com
Summary: ldap authentication should FAIL if ldap contains NEW
password, and user types the PREVIOUS password
Severity: enhancement
Classification: Unclassified
OS: All
Reporter: heupink at gmail.com
Hardware: All
Status: NEW
Version: rel_3_8
Component: Authentication
Product: Koha
The way LDAP authentication works now is that the patron password is both in
LDAP and in MySQL, usually the primary location being LDAP.

If sys admins change the userpassword, it's changed directly in LDAP, and Koha
still has the old password stored in MySQL.

If the user then tries to log on with the OLD password, he should get 'access
denied'. But instead he/she gets in, using the old, no longer valid, password.

Various possible solutions:

The best one:
- an option not to store the password in MySQL AT ALL (passwords are very
  sensitive info, I would like to store them in as few places as possible)

Two other solutions:
- a 'flush authentication cache' button in the staff interface?
- a syspref to select the order of precedence when authenticating a user?
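The behaviour reported above, as an added example that is not part of the original report and is not Koha code: a small Python model in which a rejected directory bind falls through to a locally stored password copy, next to a variant where the directory's answer is final for directory-managed accounts and nothing is stored locally. The `Directory` and `LocalStore` classes, the function names, the user `patron1` and both passwords are constructed for illustration, and the fall-through order is an assumption based on the report's description.

```python
import hashlib
import hmac
import os

class Directory:
    """Constructed stand-in for the LDAP server: a bind succeeds only with the current password."""
    def __init__(self):
        self.current = {}
    def bind(self, user, password):
        stored = self.current.get(user)
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

class LocalStore:
    """Constructed stand-in for the password copy kept in the application database."""
    def __init__(self):
        self.rows = {}
    def _digest(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    def save(self, user, password):
        salt = os.urandom(16)
        self.rows[user] = (salt, self._digest(password, salt))
    def check(self, user, password):
        if user not in self.rows:
            return False
        salt, digest = self.rows[user]
        return hmac.compare_digest(digest, self._digest(password, salt))

def login_with_fallback(directory, local, user, password):
    """Assumed model of the reported flow: a rejected bind falls through to the local copy."""
    if directory.bind(user, password):
        local.save(user, password)  # local copy is refreshed only on a successful bind
        return True
    return local.check(user, password)

def login_directory_first(directory, local, user, password, directory_users):
    """Directory-managed accounts: the bind result is final and nothing is stored locally."""
    if user in directory_users:
        return directory.bind(user, password)
    return local.check(user, password)

def scenario():
    directory, local = Directory(), LocalStore()
    directory.current["patron1"] = "old-secret"
    first = login_with_fallback(directory, local, "patron1", "old-secret")
    directory.current["patron1"] = "new-secret"  # admin changes the password in LDAP only
    return {
        "first_login": first,
        "fallback_old": login_with_fallback(directory, local, "patron1", "old-secret"),
        "strict_old": login_directory_first(directory, local, "patron1", "old-secret", {"patron1"}),
        "strict_new": login_directory_first(directory, local, "patron1", "new-secret", {"patron1"}),
    }
```

In the fallback flow the stale local copy keeps accepting the old password until the user next logs in with the new one; the second flow corresponds to the "do not store the password locally" and "order of precedence" suggestions in the report.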