View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001461||Anope Development (1.9.x series)||Nickserv||public||2012-11-11 22:38||2012-11-30 10:55|
|Summary||0001461: ldap_authentication: More than one password possible|
|Description||I've just noticed that when using the ldap authentication module it is possible to use the "old" password from the nickserv database and to use the "new" password from the ldap directory as you wish.|
I think when enabling ldap authentication all tasks such as password change, registration, authentication etc. should just stick to the ldap module.
|Steps To Reproduce||1. Have a database with existing users such as "tester" and a password "Start123". |
2. Have a ldap directory with the user "tester" and the password "test123".
3. Both passwords would work on /msg nickserv identify...
|Tags||No tags attached.|
||thanks, fixed in a4468dd56e96ea915d40627f3cb067084238e34a|
||Ah ok. I understand. Well actually it sounds sensible. Would be some kind of a fallback password if the ldap server is offline.|
||This was intentional. Instead, I need to make it so if you don't want the "old" nickserv password to work you should unload the encryption modules.|
|2012-11-11 22:38||ObiWan||New Issue|
|2012-11-11 22:52||Adam||Note Added: 0006302|
|2012-11-11 23:01||ObiWan||Note Added: 0006303|
|2012-11-30 10:55||Adam||Note Added: 0006304|
|2012-11-30 10:55||Adam||Status||new => resolved|
|2012-11-30 10:55||Adam||Resolution||open => fixed|
|2012-11-30 10:55||Adam||Assigned To||=> Adam|