[sork] Passwd backends

Eric Rostetter eric.rostetter at physics.utexas.edu
Sat Jan 29 17:20:53 PST 2005


Quoting - Fredde - <nagash303 at hotmail.com>:

> However, even if stupid A left his computer, hacker B needs the old password
> to be able to change the password, ok? Can't see any security issue, ok?

Okay.  If it works for you, great!  More power to you.

> This also works great with multiple virtual domains. Now it's up to you to
> decide the best way to code this into the next version.

You miss the point.  It is already in the CVS HEAD, which is where
the next version comes from (unless there is an emergency security
alert that must be released asap).

> This way the username is locked, readonly does the job
> (yes, you can still see the username, but can't edit/change it).

Not in the form as served. But you could spoof the form and change it.  But
probably you are not worried about that.

> Maybe you have some way of using this to develop some config params to
> enable/disable this.

Again, it is already in CVS HEAD so no patch is needed.  Only back porting
it, and/or releasing a new version.

> >In 2.2.1 you configure adding the domain via the hook that is provided, as
> >per my previous e-mail to the list.
> 
> Yes, you can, but it doesn't work if you use multiple domains.

It does if you code the hook to do so.

> I do, and that's the reason I'm screaming about this
> full-username-back-on-track-support! :)

The hook supports what you want.
 
> >However, you can not in 2.2.1 disable
> >the username field (stop the user from editing it).  This is wrong, and
> >should be fixed (e.g. release a 2.2.2 release with the change backported
> >from HEAD to support this).
> 
> Yes, maybe my diff above can help. (thx to Fred Ho!)

We already have the proper code actually, but thanks anyway for submitting
your changes.  It is nice of you to try to help.

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin
 
Why get even? Get odd!
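
The point in the message above about the read-only username field, as an added example that is not part of the original e-mail and is not Horde or Passwd code: a server-side check that takes the account from the authenticated session and rejects a submitted name that differs, with the domain appended per virtual host. The function names, the `$vhostDomains` map, the `userid` field name and all sample values are hypothetical.

```php
<?php
// Added illustration; not code from Horde, Passwd or CVS HEAD.
// All names and sample values below are constructed for this example.

// Hypothetical map from the virtual host serving the request to its mail domain.
$vhostDomains = [
    'mail.example.org' => 'example.org',
    'mail.example.net' => 'example.net',
];

// Build the full backend username (user@domain) for the current virtual host.
function fullUsername(string $user, string $vhost, array $vhostDomains): string
{
    if (!isset($vhostDomains[$vhost])) {
        throw new RuntimeException('Unknown virtual host');
    }
    // Drop any domain part already present, then append the one for this vhost.
    $local = explode('@', $user, 2)[0];
    return $local . '@' . $vhostDomains[$vhost];
}

// Decide which account a password-change request applies to.
// $sessionUser comes from the server-side session, $post from the submitted form.
function targetAccount(string $sessionUser, array $post, string $vhost,
                       array $vhostDomains, bool $lockUsername): string
{
    $expected = fullUsername($sessionUser, $vhost, $vhostDomains);
    if ($lockUsername) {
        // A readonly attribute only restricts the browser; the POST body can
        // carry any value, so a submitted name that differs is rejected here.
        $submitted = is_string($post['userid'] ?? null) ? $post['userid'] : '';
        if (!hash_equals($expected, fullUsername($submitted, $vhost, $vhostDomains))) {
            throw new RuntimeException('Username mismatch on locked form');
        }
        return $expected;
    }
    return fullUsername($post['userid'] ?? $sessionUser, $vhost, $vhostDomains);
}

// Constructed requests: the form as served, and a copy with the field changed.
$served  = ['userid' => 'alice@example.org'];
$changed = ['userid' => 'bob@example.org'];

echo targetAccount('alice', $served, 'mail.example.org', $vhostDomains, true), "\n";
try {
    targetAccount('alice', $changed, 'mail.example.org', $vhostDomains, true);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```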

