[haiku-sysadmin] RFC dev.haiku-os.org: switch back to forms-based login

  • From: Niels Sascha Reedijk <niels.reedijk@xxxxxxxxx>
  • To: haiku-web@xxxxxxxxxxxxx
  • Date: Mon, 30 Dec 2013 10:06:41 -0500

Hi guys,

I have been looking at the problem that has repeatedly entered our
mailboxes, which is that the Trac password recovery function does not work.
My proposal is to switch back to form-based login in order to fix this.
Below is the explanation.

Our current Trac installation is configured to store passwords in the
htdigest format. Authentication is done by the browser (that's why a
browser auth dialog pops up when you click on login). We have a feature to
request a temporary password when the current one is forgotten. Trac then
registers the temporary password in the database and sends that by email to
the user. The existing password is not replaced by the temporary password.

The problem is that the logic for using the temporary password is stored in
a forms-based login module. Since we do not use this type of login the user
has no way to use the temporary password feature to recover their password.

I have been looking into fixing this in the code, but that would be a lot
of work that could be avoided.

My proposal is to switch back to form-based login instead. We initially
switched to digest authentication because we did not use SSL, which meant
that passwords were transferred plain-text over the wire. Now that we do
require SSL for our services, there is no compelling reason to stick with
it.

Any thoughts?

Regards,

N>
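The mechanism described in the message (passwords stored in htdigest format, authentication driven by the browser's Digest challenge, and a temporary password that only the form-based login module knows how to check) can be modelled in a few dozen lines. The block below is an added example, not code from the Haiku Trac installation or the Trac account-manager plugin. It parses a constructed htdigest file (`user:realm:HA1`, with `HA1 = MD5(user:realm:password)`), computes an RFC 2617-style Digest response without `qop` on the "browser" side, and shows why a browser-driven digest login cannot use the temporary password while a form-based login can. The realm name, usernames, passwords and nonce are all constructed sample values; the temporary-password store is a simplified model (it consumes the temporary password on first successful use rather than reproducing the plugin's real storage).

```python
import hashlib
import hmac
from dataclasses import dataclass, field

REALM = "TracRealm"  # constructed realm name, not the real site's


def ha1(user: str, realm: str, password: str) -> str:
    """The value an htdigest file stores: MD5(user:realm:password)."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()


# Constructed sample htdigest file with a comment line and two users.
SAMPLE_HTDIGEST = "\n".join([
    f"alice:{REALM}:{ha1('alice', REALM, 'correct horse')}",
    "# comment lines and blank lines are skipped",
    "",
    f"bob:{REALM}:{ha1('bob', REALM, 'hunter2')}",
])


def parse_htdigest(text: str) -> dict:
    """Parse htdigest lines into {(user, realm): HA1}."""
    store = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, realm, digest = line.split(":", 2)
        store[(user, realm)] = digest
    return store


def digest_response(ha1_value: str, nonce: str, method: str, uri: str) -> str:
    """RFC 2617 Digest response without qop: MD5(HA1:nonce:HA2)."""
    ha2 = hashlib.md5(f"{method}:{uri}".encode()).hexdigest()
    return hashlib.md5(f"{ha1_value}:{nonce}:{ha2}".encode()).hexdigest()


def simulate_browser(user, password, realm, nonce, method, uri) -> str:
    """What the browser auth dialog sends: a response derived from the typed password."""
    return digest_response(ha1(user, realm, password), nonce, method, uri)


@dataclass
class AuthService:
    htdigest: dict
    realm: str
    # Temporary passwords live beside the real ones; the real entry is never replaced.
    temp_passwords: dict = field(default_factory=dict)

    def issue_temporary_password(self, user: str, temp: str) -> None:
        self.temp_passwords[user] = temp

    def check_digest_auth(self, user, nonce, method, uri, client_response) -> bool:
        # The digest path only has the stored HA1 to recompute from. The browser
        # derived its response from whatever the user typed, so a temporary
        # password never matches: this path never consults temp_passwords.
        stored = self.htdigest.get((user, self.realm))
        if stored is None:
            return False
        expected = digest_response(stored, nonce, method, uri)
        return hmac.compare_digest(expected, client_response)

    def check_form_login(self, user: str, password: str) -> bool:
        # The form path sees the cleartext password (acceptable only over TLS),
        # so it can check the htdigest entry first and the temporary password second.
        stored = self.htdigest.get((user, self.realm))
        if stored is None:
            return False
        if hmac.compare_digest(ha1(user, self.realm, password), stored):
            return True
        temp = self.temp_passwords.get(user)
        if temp is not None and hmac.compare_digest(temp, password):
            del self.temp_passwords[user]  # one-time use in this model
            return True
        return False
```

Running the two paths side by side against the same store makes the message's point concrete: the digest path accepts only the original password, while the form path accepts either the original or the issued temporary one (once), which is exactly the logic the author says lives in the form-based login module.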
