[Koha-bugs] [Bug 16610] Regression in SIP2 user password handling

[bugzilla-daemon at bugs.koha-community.org]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610

Stefan Berndtsson <stefan.berndtsson at ub.gu.se> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |stefan.berndtsson at ub.gu.se

--- Comment #8 from Stefan Berndtsson <stefan.berndtsson at ub.gu.se> ---
> Previous to bug 14507, SIP2 only did internal authentication. A change
> to the way we check empty passwords has caused any empty password to
> send back a CQ of Y. Previous to that patch set, a CQ of Y would only be
> sent back of the patron password column was NULL. Now, an empty AD field
> *always* returns a CQ of Y.

We recently began testing our selfcheck terminals with Koha. This causes an
issue with our setup. The machines we use (Tor3 from Bibliotheca) has an option
for disabling pincode/password entry (which is the situation we want). However,
this does not remove the AD fields from the transaction, just sends an empty
AD. I have no idea how common this behaviour is, but it seems to be similar to
the issue mentioned in bug 15124.

We also need the users to have a password field for web access, so we cannot
leave that field empty.

The combined consequence of this is that getting a CQN back makes it impossible
to use the selfcheck system. Changing the way the selfcheck system creator
implements their things is not really something we can do.

This whole thing could be made into a syspref, allowing for empty AD fields.

I'm not sure how to proceed with this, since this is a resolved bug. Should
adding a syspref for this be done using a new bug entry?

-- 
You are receiving this mail because:
You are watching all bug changes.