[dev] [cvs] commit: framework/Auth/Auth ldap.php horde/config conf.xml horde/docs CHANGES
Roel Gloudemans
roel at gloudemans.info
Tue May 31 22:47:38 PDT 2005
The encryption field is not for authenticating, but for changing the
password. The framework itself (next to the passwd module) also has a
possibility to change the password (you will be directed to it when
your password expires)
Security wise you this should be required. If an administrator should
forget to set it, all passwords would be stored e.g. in cleartext (the
obvious default value if not set) in the directory, without the admin
realizing it.
Anyway, shouldn't it be standard procedure to update your conf.php when
you update the framework?
Cheers,
Roel.
Quoting Ben Chavet <ben at horde.org>:
>
>> [jan] Add password expiration and password encryption to LDAP
>> authentication
>> driver (Roel Gloudemans <roel at gloudemans.info>).
>
> Any particular reason to make 'encryption' a required field? It's not
> required for other backends, and LDAP authenticates fine without a
> value set (well, SSHA encrypted passwords work, at least)
>
> Introducing it to an existing configuration as a required field breaks
> everything until it is added to conf.php manually.
>
> --Ben
>
>
> --
> Horde developers mailing list - Join the hunt: http://horde.org/bounties/
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: dev-unsubscribe at lists.horde.org
>
More information about the dev
mailing list