Clear J! passwd after change if nullpassword option is set #71
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…sswd options set Without this feature, if a user changes their password in J!, it gets written to the J! users table, and subsequent authentication then no longer happens against LDAP. Then if the LDAP user is removed, they can still log in to J!. So we need to make sure the password is nulled in J! after a password change.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Without this feature, if a user changes their password in J!, it gets written to the J! users table, and subsequent authentication then no longer happens against LDAP. Then if the LDAP user is removed, they can still log in to J!, and password changes in LDAP don't get used in J!. So we need to make sure the password is nulled in J! after a password change.
I know this PR is unlikely to get merged, as the author has moved on, but I thought I'd submit it anyway, in case anyone else needs this feature, and can merge it to their own fork.