For most people, it should be transparent, but I wanted to point out that from now on, all password writes in the LDAP Backing Directory are encrypted using the SSHA scheme by default. This object is the current standard LDAP Directory in CPS, so this should affect most LDAP setups, and in particular CPSLDAPSetup.

More encryption schemes can be implemented upon request (especially if you provide an encryption function).

If needed, one can still write unencrypted passwords by selecting 'none' for the password_encryption property in the ZMI.

Also worth noting: all attempts to fetch the user's password from CPS will return an empty string. This is primarily to ensure protection against loops of rehashing that could corrupt your user database, but we believe it's a good thing in itself.
A side effect is that empty passwords are banned.

This has been checked into the trunk, so it should go in the next stable release (CPS 3.4.1).

Cheers,

---------
Georges Racinet                        Nuxeo SAS
[EMAIL PROTECTED]                http://nuxeo.com
Tel: +33 (0) 1 40 33 71 73


_______________________________________________
cps-devel mailing list
http://lists.nuxeo.com/mailman/listinfo/cps-devel
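
Added illustration, not CPS code and not part of the original message: an SSHA value is `{SSHA}` followed by base64 of SHA-1(password + salt) with the salt appended. The sketch below encodes and verifies such a value and shows the rehashing loop the message mentions, where a stored hash is read back and written again as if it were the password. All function names and the sample password are hypothetical.

```python
import base64
import hashlib
import hmac
import os

SSHA_PREFIX = "{SSHA}"


def ssha_encode(password, salt=None):
    """Return the userPassword value for `password` in the SSHA scheme."""
    if not password:
        # Mirrors the side effect described in the message: no empty passwords.
        raise ValueError("empty passwords are not accepted")
    if salt is None:
        salt = os.urandom(8)  # fresh random salt for every write
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check a candidate password against a stored {SSHA} value."""
    if not stored.startswith(SSHA_PREFIX):
        return False
    raw = base64.b64decode(stored[len(SSHA_PREFIX):])
    digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is 20 bytes
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def rehash_loop_demo(password="s3cret-constructed"):
    """Simulate a read-then-write-back cycle when the stored hash is readable.

    Returns (login works before the cycle, login works after the cycle).
    """
    stored = ssha_encode(password)
    # An edit form fetches the stored value and saves it back unchanged,
    # so the hash itself gets hashed as if it were the password.
    rehashed = ssha_encode(stored)
    return ssha_verify(password, stored), ssha_verify(password, rehashed)


if __name__ == "__main__":
    print(ssha_encode("s3cret-constructed"))
    print(rehash_loop_demo())
```

If reads return an empty string instead of the stored hash, the write-back in `rehash_loop_demo` is rejected by the empty-password check rather than silently replacing the user's credential.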
