http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5995
Ian Walls <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Version|rel_3_4 |rel_3_6 Patch Status|Signed Off |Passed QA --- Comment #10 from Ian Walls <[email protected]> 2011-05-13 14:43:57 UTC --- The problem: Unless cardnumber = userid in your system, completely unprivileged patrons can log into the staff client (with superlibrarian privileges) with their cardnumber and password. This DOES NOT depend on CAS or LDAP. After applying the patch: 1. unprivileged users can no longer log into the staff client with cardnumber/password (problem resolved) 2. privileged users can still log into the staff client, either with username or cardnumber, and their correct privileges are retained 3. both privileged and unprivileged users can log into the OPAC as normal Testing regimen does not include LDAP or CAS testing, since that level of authentication is done before falling back to cardnumber authentication. Marking this patch as Passed QA. -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
