[Ltb-users] reset password by mail does not respect hash=auto

Clément OUDOT clem.oudot at gmail.com
Fri Nov 18 15:41:58 CET 2016


2016-11-18 15:28 GMT+01:00 k c <kisscoolandthegangbang at hotmail.fr>:
> Hello,

Hi.

>
> First I want to tell you thanks for the great job done with self service
> password. I like the different customization options and the way it deals
> with crypted/uncrypted passwords with auto option.

Thanks for the feedback.


> Talking about that, during my test I discovered that when you want to reset
> the password by mail it does not respect the auto option for password
> storage.
>
> With SSHA forced in auto option, the password is stored with ssha hash in
> ldap but if I select auto in hash option, the password is stored in plain
> text when previous password was stored with ssha hash.
>
> Is it a normal behaviour ?
>
> I looked at the code and that's strange because "change password" and "reset
> by mail" use the same function to change password.
>
> Any idea ?

the "auto" mode only works if you allow the LDAP account to read the
userPassword attribute value. If not, the hash type cannot be found.


Clément.


More information about the ltb-users mailing list