Product SiteDocumentation Site

Chapter 8. Authentication

8.1. Standard Authentication
8.2. LDAP and Microsoft Active Directory
8.3. Basic Authentication
8.4. HTTP Authentication
8.5. Deprecated authentication methods
MantisBT supports several authentication methods out of the box. In addition, there is work in progress relating to supporting authentication plug-ins. Once these are implemented, authentication against any protocol or repository of user names and passwords will be possible without having to touch MantisBT core code.
It is important to note that MantisBT does not yet support hybrid authentication scenarios. For example, internal staff authenticating against LDAP while customers authenticate against the MantisBT database with MD5 hash.
See $g_login_method in Section 5.21.1, “Global authentication parameters” for more details about how to configure MantisBT to use one of these authentication techniques.

8.1. Standard Authentication

With Standard login method, MantisBT users are authenticated against records in the MantisBT database, where the passwords are stored as a hash.
Note: while technically unlimited, the password's length is arbitrarily restricted to 1024 characters (PASSWORD_MAX_SIZE_BEFORE_HASH constant).
Values for $g_login_method:
  • MD5 is the default - and recommended - method
  • Support for additional methods (e.g. SHA-1) could be added in the future