https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6979
--- Comment #16 from Martin Renvoize <[email protected]> --- In general, my feeling more and more is that we should be looking to deprecate password comparison forms of ldap in the long term and we should plan for this. I'd like to see a bug adding warnings and possibly reports to the community hea app for the various ldap configuration combinations. I fear those users who ate using password comparisons still may not be aware of the intrinsic security concerns with such an approach. We should encourage a move forward to more secure methods. Having said all this, we 'could' retain the password comparison and hash before compare at our end.. But this would entail either some complex configuration to add various hashing algorithms or some ldap queries to ascertain the configuration to use. Along with this, extracting the salt for more complex hashing methods would need work too. There are pretty good cpan modules for this.. So it's all possible.. My two pence -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
