There is a bug where changing of user properties by 'admin' or the current user does not encrypt the password when SHA is set to true.
The following stmt in UserUpdateAction.java does not seem to update according to the SHA algorithm when set to true: rundata.getParamaters().setProperties(user); I can't seem to find where exactly the SHA algorithm is used. Although Turbine only sets it correctly when the TurbineSecurity.encryptPassword() is called in the DBUserManager.changePassword() but this method is never called. Only new a/c created use the SHA properly. Any clues ? Thanks. -william -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
