On Thu, May 17, 2012 at 9:46 AM, Ken Dreyer <[email protected]> wrote:
> I think it would be better to register the LDAP or Kerberos users with
> cryptographically random passwords. What form do you recommend?

Digging a bit more, it looks like the Crowd plugin suffers from the same "default password in the database" problem.

Here's a proposed patch: call user.reset_password after saving the user.

Advantages:

1. The database password is no longer known to anyone.
2. Reuse the same cryptographic complexity upon which the usual "reset password" application function relies.

- Ken

gitorious-rand-passwords.diff
Description: Binary data
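
The problem discussed in the message above, as an added example that is not part of the original post or of Gitorious: accounts auto-registered for directory users with a shared default password still pass the local database login check, while accounts given a random password do not. `LocalUser`, `DEFAULT_PASSWORD` and the function names are hypothetical, and `SecureRandom` is used directly here in place of the `user.reset_password` call the patch proposes.

```ruby
require "securerandom"
require "openssl"

# Hypothetical stand-in for a local user record; not Gitorious's User model.
class LocalUser
  attr_reader :login

  def initialize(login, password)
    @login = login
    self.password = password
  end

  # Store only a salted PBKDF2 hash of the password.
  def password=(plain)
    @salt = SecureRandom.random_bytes(16)
    @hash = derive(plain)
  end

  # Check a password submitted to the local (database) login path.
  def authenticate(plain)
    OpenSSL.fixed_length_secure_compare(@hash, derive(plain))
  end

  private

  def derive(plain)
    OpenSSL::PKCS5.pbkdf2_hmac(plain, @salt, 10_000, 32, OpenSSL::Digest.new("SHA256"))
  end
end

DEFAULT_PASSWORD = "changeme" # constructed placeholder for a shared default

# Before: every auto-registered directory user gets the same known password.
def provision_with_default(login)
  LocalUser.new(login, DEFAULT_PASSWORD)
end

# After: the local password is random, shown to no one and kept only as a hash.
def provision_with_random(login)
  LocalUser.new(login, SecureRandom.urlsafe_base64(32))
end

# Audit helper: which accounts still accept the shared default locally?
def accepts_default(users)
  users.select { |u| u.authenticate(DEFAULT_PASSWORD) }.map(&:login)
end
```

Running `accepts_default` over existing externally authenticated accounts is one way to find records created before such a fix.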
