Commit Graph

44 Commits

Author SHA1 Message Date
Ralf Becker
562343a4dd disabling permanent error_log and missing translation 2011-06-06 06:39:07 +00:00
Ralf Becker
fae1d29e68 - implemented more secure password hashing types: sha512_crypt, sha256_crypt and blowfish_crypt (latter was only just broken)
- DB schema update for account_pwd to varchar(128) to accommodate sha512_crypt hashes
- enable automatic migration to sha512_crypt, if on SQL or LDAP (but only on Linux, as OpenLDAP has no native support for it)
2011-06-05 23:22:51 +00:00
Klaus Leithoff
0b1e444325 do not use password on asetLastPwdChange in admin actions, as the use of passwords indicates the usage of the functionality in usermode; Handle params for egw_cache::getSession in the correct order 2011-05-19 10:32:46 +00:00
Ralf Becker
4f3f6748f1 small docu update 2011-05-04 13:32:58 +00:00
Ralf Becker
57fc9c63fc - fixed with ssha not working migration from sql <--> ldap
- using 16 char salt for ssha and smd5 as eclipse ldap admin does
- remove auth::hash_sql2ldap() method, as it is now in setup/inc/class.setup_cmd_ldap.inc.php
- added ability to create uid dn in setup_cmd_ldap subcommand create_ldap
2011-05-04 09:42:50 +00:00
Ralf Becker
457e79454d * Setup: making SSHA (salted sha1) hashes the default password hash for SQL and LDAP
- fixing not working ssha hashes if mb_string.func_overload > 0 set
2011-05-04 07:52:45 +00:00
Klaus Leithoff
4f0e104e27 more to the issue: fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered by auth system 2011-03-16 12:44:42 +00:00
Klaus Leithoff
a080404dab fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered from auth system. set password-last-changed info in authsystem on password change. when trying to force the user to change his password upon next login as admin from within egroupware, try to set the 0 value within the authsystem as well (in ldap rights are required for admin (or user) to set/alter the shadowlastchange attribute) 2011-03-16 11:00:16 +00:00
Klaus Leithoff
bf8b3211c8 if the number of days left until change of password is expired is negative, don't warn, require the change 2010-10-28 11:02:05 +00:00
Klaus Leithoff
53374d91fb * API/Passwordmanagement: option enable a warning for users to inform them, that their password is about to expire
will be displayed once every session starting X days before the password will expire, when enforce password change is enabled and
a suitable period is set
-translations for that option
-pending translations
2010-10-21 13:58:57 +00:00
Klaus Leithoff
2e33eeaab6 fixing ACL check for nopasswordchange; fixing setting of shadowlastchange by using the correct data with proper format 2010-09-24 08:20:14 +00:00
Klaus Leithoff
7e68a0727f check if the user is allowed to change its password, before redirecting 2010-09-22 15:20:06 +00:00
Klaus Leithoff
abbf9e3abf allow old name for account_lastpwd_change (account_lastpassword_change) 2010-09-22 11:41:16 +00:00
Klaus Leithoff
3843c0b59b Feature: to allow admins a) to set an allowed password age, to require all users to change their password regularly; b) force password change for a given user on the users next login; c) better control about the password strength required; Funded by Cricket 2010-09-22 09:48:27 +00:00
Ralf Becker
bf898afb61 "removed permanent error_log" 2010-05-13 10:45:37 +00:00
Ralf Becker
e91b0f0cb5 using since php<=5.0 available raw_output=true parameter for md5 and sha1 instead of deprecated and in newer distros no longer available mhash extension 2010-05-13 10:39:48 +00:00
Ralf Becker
61d26df913 reworked auth classes, to allow them to use each other and a new auth class using a primary backend (ldap) and a fallback (sql) 2010-01-28 04:22:37 +00:00
Ralf Becker
b5c28fba48 1. NTLM Single Sign ON
NTLM SSO removes Windows users on a PC, which is a member of a Windows
domain and who are logged into that domain, from the need to explicitly log
into eGW.  They simply point IE to the eGW URL (eg. http://domain.com/egroupware/)
and start working. They can of course explicitly log out and log in as
another user.
For more information look at the README at
http://www.egroupware.org/viewvc/trunk/phpgwapi/ntml/README

2. different authentication for SyncML and/or GroupDAV
You can now use eg. an external auth provider for the login via the
WebGUI (eg. ADS) and the passwords stored in SQL for SyncML.
2008-07-16 09:29:13 +00:00
Ralf Becker
a5a7c2d30e Additional password crypt types for ldap:
- MD5_CRYPT (9 char salt prefixed with $1$)
- BLOWFISH_CRYPT (16 char salt prefixed with $2$)
- EXT_CRYPT (9 char salt, no prefix)
2008-05-31 06:25:04 +00:00
Ralf Becker
868345fcb6 "added static to encrypt_pasword" 2008-03-25 17:05:38 +00:00
Ralf Becker
4f94d5837d use of global db object and new headers, made all methods of the auth class static 2008-03-15 17:27:36 +00:00
Ralf Becker
90f39cef39 "encryption" type plain for sql and ldap, to allow to store the passwords readable 2007-11-06 11:16:34 +00:00
Miles Lott
23ac553d70 Fix for types other than md5 and crypt, e.g. SSHA where the type is contained in the text of the password 2006-06-20 09:50:00 +00:00
Ralf Becker
5dc4617462 setting the default for encrypt_ldap() to des and not just return false, the default is needed if you never saved setup >> config 2006-06-17 16:04:35 +00:00
Ralf Becker
9eca4904e0 allow to specify the hash type to prefix the hash, to easy migrate passwords from ldap 2006-06-07 22:08:13 +00:00
Ralf Becker
98d8b30761 rewrite of the accounts classes:
- new cleaner AND documented interfaces
- old interfaces are still available, but deprecated
- LDAP backend stores now membership information in LDAP too, and does NO longer require the phpgwAccount schema
- LDAP backend deals now well with LDAP schema in which posixGroup is no structural object (eg. newer SuSE distros)
- password from users are done now binded as that user, so if you don't need/use our admin to manage accounts, you can give a root-dn which only allows to search&read accounts
2006-06-06 23:42:36 +00:00
Miles Lott
fb4182ea66 Correct spelling 2006-05-17 06:00:12 +00:00
Cornelius Weiß
b97f701d05 added an optional check for a save^tm password (criteria as in MS-Windows) 2006-03-13 21:56:28 +00:00
Ralf Becker
c85d34c0fe changed the following table-names:
- phpgw_accounts --> egw_accounts
- phpgw_acl --> egw_acl
- phpgw_log(_msg) --> egw_log(_msg)
- phpgw_config --> egw_config
- phpgw_applications --> egw_applications
This requires code-changes in many apps. Quite often I was able to replace the db access, with calls to the appropriate classes.
2005-11-02 11:45:52 +00:00
Miles Lott
137e472433 Use correct quoting when querying/setting account_id; minor formatting 2005-08-27 12:19:35 +00:00
Cornelius Weiß
79c9507039 - massive code cleanup
- added md5_hmac auth type
- added support for password migration
2005-05-10 19:00:55 +00:00
Miles Lott
6adc7fda6f Add some notes to the smd5_compare() function 2004-02-05 02:14:31 +00:00
Miles Lott
dfa356e0c6 Fix smd5 password comparison for sql 2004-02-05 02:01:39 +00:00
Miles Lott
04067c7a04 Add SMD5 hashing for sql and ldap based on my debian experience today 2004-01-26 03:01:54 +00:00
Miles Lott
d7db3b384e update credits by request 2004-01-20 21:31:33 +00:00
Miles Lott
77fd8f4882 Move password functions to auth class; Add support for new encryption types in setup
and implement password checking and creation for these new types
2004-01-18 21:12:53 +00:00
Miles Lott
9b6465af7a Using GLOBALS 2001-08-30 19:40:44 +00:00
Miles Lott
61675e82b5 Formatting 2001-05-02 12:52:44 +00:00
skeeter
53f4716584 replaced quotes with single ticks where applicable 2001-02-11 20:03:35 +00:00
jengo
5f0c2433db Returned cvs to how it was last night (with including the class.accounts.inc.php) file first 2001-02-06 20:13:06 +00:00
jengo
e0b8a07f9c Fixed not being able to login and clean up a ton of code. It was a mess in there, things flow a little bit better now. I still have some cleaning up to do 2001-02-06 13:18:51 +00:00
seek3r
00b23411ef moved to define() for path vars. Also starting to hack sessions to be phpgw_info manager 2001-02-06 09:19:38 +00:00
seek3r
431f841cba switching to the new Object factory method 2001-01-11 10:04:28 +00:00
seek3r
e97ef24062 switching to the new Object factory method 2001-01-11 09:52:33 +00:00