Anope Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001461Anope Development (1.9.x series)Nickservpublic2012-11-11 22:382012-11-30 10:55
ReporterObiWan 
Assigned ToAdam 
PrioritynormalSeverityminorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version 
Summary0001461: ldap_authentication: More than one password possible
DescriptionI've just noticed that when using the ldap authentication module it is possible to use the "old" password from the nickserv database and to use the "new" password from the ldap directory as you wish.

I think when enabling ldap authentication all tasks such as password change, registration, authentication etc. should just stick to the ldap module.
Steps To Reproduce1. Have a database with existing users such as "tester" and a password "Start123".
2. Have a ldap directory with the user "tester" and the password "test123".
3. Both passwords would work on /msg nickserv identify...
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0006304)
Adam (administrator)
2012-11-30 10:55

thanks, fixed in a4468dd56e96ea915d40627f3cb067084238e34a
(0006303)
ObiWan (reporter)
2012-11-11 23:01

Ah ok. I understand. Well actually it sounds sensible. Would be some kind of a fallback password if the ldap server is offline.
(0006302)
Adam (administrator)
2012-11-11 22:52

This was intentional. Instead, I need to make it so if you don't want the "old" nickserv password to work you should unload the encryption modules.

- Issue History
Date Modified Username Field Change
2012-11-11 22:38 ObiWan New Issue
2012-11-11 22:52 Adam Note Added: 0006302
2012-11-11 23:01 ObiWan Note Added: 0006303
2012-11-30 10:55 Adam Note Added: 0006304
2012-11-30 10:55 Adam Status new => resolved
2012-11-30 10:55 Adam Resolution open => fixed
2012-11-30 10:55 Adam Assigned To => Adam


Copyright © 2000 - 2019 MantisBT Team
Powered by Mantis Bugtracker