[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Mon Sep 30 06:12:29 CEST 2013


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #75 from Srdjan Jankovic <srdjan at catalyst.net.nz> ---
That's why I prefer testing instructions in the comments rather than in the
commits. Maybe the best way would be to have a separate attachment.
Anyway, by popular demand:

Test plan:
  1) Add new users and check whether their passwords are stored as Bcrypt 
     hashes or not (directly on the database).
  2) To test that authentication works for both old as well as new users:
       a) Login as an existing user whose password is stored as an MD5 hash
       b) Login as an existing user whose password is stored as a Bcrypt hash
  3) In the staff interface, change the password of an existing user
     whose password is stored as an MD5 hash
    a) Check the new password is stored as a Bcrypt-hash in the database
    b) Try to login with the new password
  4) In the OPAC, verify that
    a) Old user with old pass can change password, new format
    b) New user with new pass can change password
    c) Old and new user with self-updated pass can login
  5) SIP: Have an old user and create a new user
    a) use either telnet sip test or C4/SIP/interactive_patron_check_password.pl 
       to check old userid/password
    b) do the same for the new user
  6) LDAP:
     - Turn on LDAP auth in koha-config.xml.
     - Set "update" in your server config to 1
    a) Change user's password on LDAP
    b) Login to Koha using LDAP - Koha password should be updated. To check,
       turn off LDAP auth in koha-config.xml. You should be able to log in with
       the new password
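
For steps 1 and 3a of the test plan, a sketch of the "directly on the database" check, added here as an example and not part of the original comment or of Koha's code. It assumes bcrypt values use the modular crypt format and legacy MD5 values are 32 hex characters or 22-character base64; the sample rows and the minimum cost of 8 are constructed.

```python
import base64
import hashlib
import re

# Assumed formats (not stated in the comment above):
# bcrypt: $2<variant>$<2-digit cost>$<22-char salt + 31-char digest>
BCRYPT_RE = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")
MD5_HEX_RE = re.compile(r"^[0-9a-fA-F]{32}$")
MD5_B64_RE = re.compile(r"^[A-Za-z0-9+/]{22}(==)?$")


def classify(stored):
    """Return (kind, bcrypt_cost_or_None) for one stored password value."""
    if not stored:
        return ("empty", None)
    m = BCRYPT_RE.match(stored)
    if m:
        return ("bcrypt", int(m.group(1)))
    if MD5_HEX_RE.match(stored) or MD5_B64_RE.match(stored):
        return ("md5", None)
    return ("unknown", None)


def audit(rows, min_cost=8):
    """Group userids by hash kind; bcrypt below min_cost is listed separately."""
    report = {"bcrypt": [], "bcrypt_low_cost": [], "md5": [],
              "empty": [], "unknown": []}
    for userid, stored in rows:
        kind, cost = classify(stored)
        if kind == "bcrypt" and cost < min_cost:
            kind = "bcrypt_low_cost"
        report[kind].append(userid)
    return report


# Constructed sample rows (userid, stored password column); the bcrypt
# strings only have the right shape, they are not real hashes.
_md5 = hashlib.md5(b"secret").digest()
SAMPLE_ROWS = [
    ("old_hex", _md5.hex()),
    ("old_b64", base64.b64encode(_md5).decode().rstrip("=")),
    ("new_user", "$2a$08$" + "a" * 53),
    ("weak_cost", "$2a$04$" + "a" * 53),
    ("no_pass", None),
    ("plaintext", "hunter2"),
]

if __name__ == "__main__":
    for kind, users in audit(SAMPLE_ROWS).items():
        print(f"{kind:16} {users}")
```

After step 3, a user whose password was changed should move from the `md5` group to the `bcrypt` group; anything left in `unknown` needs a manual look.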
