On 10/10/07, Maria McKinley <[EMAIL PROTECTED]> wrote: > On 10/10/07, Christophe David <[EMAIL PROTECTED]> wrote: > > > which temporary file contains the password ? > > > > The path for PHP session files is defined by "session.save_path" in > > php.ini. (phpinfo() should give you the settings on your system.) > > > > Details on http://www.php.net/session . > > > > The files are plain text with all variables stored in clear. > > > > Thank you for your help. > > > > Christophe > > > > This is definitely a problem, thanks for pointing it out. On my > system, it saves to /tmp, which is not readable from the web, but > still a bad idea. The trick is to encrypt it. I tried the code below > in my config.php, but I must not have the syntax correct. Maybe > someone with more php knowledge can help us out: > > $DefaultPasswords['edit'] = crypt('id:*'); > > cheers, > maria >
After further investigation, I don't think the problem is syntax. I think the encryption was set up to work with the pmwiki authorization stuff, and it just doesn't work with ldap. I think ldap doesn't have the ability to unencrypt the password, and I'm not sure how to fix that... cheers, maria _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
