View Issue Details

IDProjectCategoryView StatusLast Update
0026626mantisbtldappublic2020-02-09 07:05
Reporterrogueresearch Assigned Toatrol  
PriorityhighSeveritymajorReproducibilityhave not tried
Status closedResolutionduplicate 
Summary0026626: Add config option to not cache (insecure MD5) password hashes in the database

According to the Admin Guide:

"An MD5 hash of the user's password will be stored in the database upon successful login, allowing fall-back to Standard Authentication when the LDAP server is not available."

This is unfortunate, because I was hoping to use LDAP as a workaround for bug 0022839.

Could a configuration flag be added to prevent this caching?

TagsNo tags attached.


duplicate of 0012957 assigneddregad Password stored md5-unsalted in database when LDAP authentication is enabled 




2020-01-25 16:15

reporter   ~0063517

Ha!, I'd even commented on the dupe. :)