View Issue Details

IDProjectCategoryView StatusLast Update
0001461Anope Development (1.9.x series)Nickservpublic2012-11-30 10:55
ReporterObiWan Assigned ToAdam  
Status resolvedResolutionfixed 
Summary0001461: ldap_authentication: More than one password possible
DescriptionI've just noticed that when using the ldap authentication module it is possible to use the "old" password from the nickserv database and to use the "new" password from the ldap directory as you wish.

I think when enabling ldap authentication all tasks such as password change, registration, authentication etc. should just stick to the ldap module.
Steps To Reproduce1. Have a database with existing users such as "tester" and a password "Start123".
2. Have a ldap directory with the user "tester" and the password "test123".
3. Both passwords would work on /msg nickserv identify...
TagsNo tags attached.



2012-11-30 10:55

administrator   ~0006304

thanks, fixed in a4468dd56e96ea915d40627f3cb067084238e34a


2012-11-11 23:01

reporter   ~0006303

Ah ok. I understand. Well actually it sounds sensible. Would be some kind of a fallback password if the ldap server is offline.


2012-11-11 22:52

administrator   ~0006302

This was intentional. Instead, I need to make it so if you don't want the "old" nickserv password to work you should unload the encryption modules.

Issue History

Date Modified Username Field Change
2012-11-11 22:38 ObiWan New Issue
2012-11-11 22:52 Adam Note Added: 0006302
2012-11-11 23:01 ObiWan Note Added: 0006303
2012-11-30 10:55 Adam Note Added: 0006304
2012-11-30 10:55 Adam Status new => resolved
2012-11-30 10:55 Adam Resolution open => fixed
2012-11-30 10:55 Adam Assigned To => Adam