Zope 2.5.0 acl_users encrypt passwords lock users out!
Using the property tab of acl_users, a strange behaviour occurs, which I could reproduce on Linux and Windows boxes. If you choose password encrypting and save all users in this folder get encrypted passwords and no one of these can log in anymore ... this seems rather fatal if the administrator thinks he could improve security but in fact just locks out the site members. Any idea? Urgently hoping for help.
Hi! I haven't verified that yet, but it would be a bug. The user folder we built for Kontentor uses the encryption stuff, too, but it falls back to unencrypted passwords if the user has created the password earlier.
Using the property tab of acl_users, a strange behaviour occurs, which I could reproduce on Linux and Windows boxes. If you choose password encrypting and save all users in this folder get encrypted passwords and no one of these can log in anymore ... this seems rather fatal if the administrator thinks he could improve security but in fact just locks out the site members. Any idea? Urgently hoping for help.
Joachim
participants (2)
-
Joachim Werner -
Jurasurf@aol.com