[Zope] ACL password encryption

Charlie Reiman creiman@kefta.com
Mon, 7 Oct 2002 13:56:45 -0700


There is something in the collector about this. I filed it.

------------------------
Issue #529 Update (Request) "Using ecryption with User Folder damages
accounts"
 Status Pending, Zope/bug medium
To followup, visit:
  http://collector.zope.org/Zope/529

==============================================================
= Request - Entry #1 by Anonymous User on Aug 20, 2002 5:59 pm

The root user folder defaults to clear text password store. Under
Properties, there is a checkbox to switch to encrypted storage. Click it,
then save. Then click on Update Existing Passwords. The operation completes
and you are logged out which is fine.

You will not be able to log back in however. All the user passwords are
trashed, including admin. You will need to resort to the emergency user to
get things back up and running.

==============================================================



> -----Original Message-----
> From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Rob
> Sent: Monday, October 07, 2002 1:17 PM
> To: zope@zope.org
> Subject: [Zope] ACL password encryption
>
>
> (I have seen a few posts regarding this but with no
> replies indicating a solution)
> If I have a user folder with existing users, then
> later choose to encrypt the passwords and update
> existing passwords, I can no longer log in as those
> existing users.  If I create a new user _after_
> choosing to encrypt passwords, I can log in as that
> user. I don't see anything in the collector about
> this, either.
>
>