View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0026626 | mantisbt | ldap | public | 2020-01-25 00:09 | 2020-02-09 07:05 |
Reporter | rogueresearch | Assigned To | atrol | ||
Priority | high | Severity | major | Reproducibility | have not tried |
Status | closed | Resolution | duplicate | ||
Summary | 0026626: Add config option to not cache (insecure MD5) password hashes in the database | ||||
Description | According to the Admin Guide: "An MD5 hash of the user's password will be stored in the database upon successful login, allowing fall-back to Standard Authentication when the LDAP server is not available." This is unfortunate, because I was hoping to use LDAP as a workaround for bug 0022839. Could a configuration flag be added to prevent this caching? | ||||
Tags | No tags attached. | ||||