[Koha-bugs] [Bug 9165] Allow preventing passwords from being stored locally when using LDAP

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Fri May 31 05:55:14 CEST 2013


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9165

Robin Sheat <robin at catalyst.net.nz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #13754|0                           |1
        is obsolete|                            |

--- Comment #5 from Robin Sheat <robin at catalyst.net.nz> ---
Created attachment 18535
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=18535&action=edit
Bug 9165 - Prevent LDAP passwords being stored locally

This adds a configuration option to LDAP that prevents it from storing
users' passwords in the local database. This is useful when users of
hosted Koha wish to prevent any form of offsite password storage for
security reasons.

Notes:
 * if the option is not included in the koha-conf.xml file, then the
   current default behaviour of saving the password locally is retained.
 * this has no impact on passwords that are already in the database.
   They will not be erased.

To use:
 * edit the koha-conf.xml for a system that uses LDAP for
   authentication.
 * in the <ldapserver> configuration, add:
   <update_password>0</update_password>
 * feel a greater sense of security.

To test:
 1) have a Koha system that authenticates using LDAP.
 2) note that when a user logs in, their password is saved (hashed) in
    the database.
 2.5) it is important to note that, for whatever reason, a user's
      password is not stored on a login where their account is created,
      only when they log in after being created. Thus perhaps log in and
      log out a couple of times to be sure.
 3) add the <update_password>0</update_password> option to the
    <ldapserver> section of koha-conf.xml.
 4) log in with a new user (or erase the password from the database for
    an existing user) and note that the password field is not populated.
 5) log out and log back in just to be sure, check the password field
    again.

Sponsored-By: National Institute of Water and Atmospheric Research (NIWA)

-- 
You are receiving this mail because:
You are watching all bug changes.
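
An added example, not part of the patch or of Koha: a small audit script that reports, for each <ldapserver> block in a koha-conf.xml, whether the update_password option described in the commit message above is set to 0. The sample document, its wrapper element, the id attributes and <hostname> are constructed for illustration; only <ldapserver> and <update_password> come from the message.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample input. Only <ldapserver> and <update_password> are taken
# from the commit message; everything else here is an illustrative assumption.
SAMPLE_CONF = """\
<config>
  <ldapserver id="a"><hostname>ldap-a.example.org</hostname>
    <update_password>0</update_password></ldapserver>
  <ldapserver id="b"><hostname>ldap-b.example.org</hostname></ldapserver>
  <ldapserver id="c"><update_password> 1 </update_password></ldapserver>
  <ldapserver id="d"><update_password>no</update_password></ldapserver>
</config>
"""


def audit_update_password(xml_text):
    """Map each <ldapserver> block to 'off', 'default-on' or 'review'."""
    results = {}
    for n, server in enumerate(ET.fromstring(xml_text).iter("ldapserver"), 1):
        # Using an id attribute as the label is an assumption of this example.
        label = server.get("id") or f"ldapserver#{n}"
        options = server.findall("update_password")
        if not options:
            # Option absent: the default of saving the password is retained.
            status = "default-on"
        elif len(options) == 1 and options[0].text == "0":
            # Exactly the documented setting.
            status = "off"
        else:
            # Any other value (or a duplicate element): the message documents
            # only 0, so flag it for a human rather than guess.
            status = "review"
        results[label] = status
    return results


def still_storing(xml_text):
    """Labels of server blocks not provably set to update_password=0."""
    audit = audit_update_password(xml_text)
    return sorted(label for label, status in audit.items() if status != "off")


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for label, status in audit_update_password(text).items():
        print(f"{label}: {status}")
    sys.exit(1 if still_storing(text) else 0)
```

A clean result covers the configuration only: as the notes in the message say, passwords already in the database are not erased by the option.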

