[Ltb-users] reset password by mail does not respect hash=auto

k c kisscoolandthegangbang at hotmail.fr
Fri Nov 18 16:31:01 CET 2016



---
------------

M. P.

Le 2016-11-18 15:41, Clément OUDOT a écrit :
> 2016-11-18 15:28 GMT+01:00 k c <kisscoolandthegangbang at hotmail.fr>:
>> Hello,
> 
> Hi.
> 
>> 
>> First I want to tell you thanks for the great job done with self 
>> service
>> password. I like the different customization options and the way it 
>> deals
>> with crypted/uncrypted passwords with auto option.
> 
> Thanks for the feedback.
> 
> 
>> Talking about that, during my test I discovered that when you want to 
>> reset
>> the password by mail it does not respect the auto option for password
>> storage.
>> 
>> With SSHA forced in auto option, the password is stored with ssha hash 
>> in
>> ldap but if I select auto in hash option, the password is stored in 
>> plain
>> text when previous password was stored with ssha hash.
>> 
>> Is it a normal behaviour ?
>> 
>> I looked at the code and that's strange because "change password" and 
>> "reset
>> by mail" use the same function to change password.
>> 
>> Any idea ?
> 
> the "auto" mode only works if you allow the LDAP account to read the
> userPassword attribute value. If not, the hash type cannot be found.
> 

Both manager account and user account have access to userPassword
attribute.

In change mode, I don't have this problem.

> 
> Clément.
> _______________________________________________
> ltb-users mailing list
> ltb-users at lists.ltb-project.org
> http://lists.ltb-project.org/listinfo/ltb-users


More information about the ltb-users mailing list