Issue #823 has been updated by Clément OUDOT. Assigned to set to Clément OUDOT
The user old password is checked after the account is found in LDAP directory, this would be a big rewrite of the code to change this. You can't crypt password cause you need to have the plain text password to bind to LDAP. You can try to look at GSSAPI if you want to delegate authentication, ---------------------------------------- Feature #823: Store bind password in config.inc.php other than clear text http://tools.lsc-project.org/issues/823 Author: Andre Mariano Status: New Priority: Normal Assigned to: Clément OUDOT Category: Self Service Password Target version: self-service-password-? To adhere to my local security policy I can't allow binding anonymously nor can I have the bind password in clear text in the config.in.php file. Is/would it be possible to have the password variable set with any sort of encryption? Or, ideally, can I have it setup to bind using the user's old password captured from the form? Thanks, Andre -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________ ltb-dev mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-dev
