Klaus Leithoff
2bdcd29582
pass acount_id to crackcheck, as it is required for crackcheck rule validation forbid_name
2013-07-16 10:42:31 +00:00
Ralf Becker
b54aef66e4
need to use own authentication method, to be able to auth user forced to change password and need to always recheck flag, if user are forced to change password, as otherwise he will be prompt again after changing it
2013-07-15 20:29:49 +00:00
Ralf Becker
6898ee9cdb
* Admin/Preferences/Active Directory: more understandable password policy errors and using windows defaults only, if admin has not configured something else
2013-07-14 13:05:24 +00:00
Ralf Becker
5e0c017129
remove old default of 7 for password length, as it allways checks for that default otherwise
2013-06-28 16:20:01 +00:00
Ralf Becker
aa1426b8de
* Admin: split password strength config in minimum length and number of character types, allow account backends specially AD to report password policy failures
2013-06-25 16:37:44 +00:00
Ralf Becker
293d395472
allow auth backends to throw exceptions to give verbose error why password changing failed, auth_ads does now password strength check (even if not configured), as this is most likely cause for not changed password
2013-06-23 10:46:26 +00:00
Ralf Becker
ef1756438e
* Preferences/EMail: if user changed password, update password in session correct, so eg. EMail using that password keeps working
2013-02-21 09:43:38 +00:00
Klaus Leithoff
ac2279d933
* API: is_a compatibility vs. php5.3.8 resolving to instanceof operator for most common basic classes
2011-09-26 09:52:43 +00:00
Klaus Leithoff
53c78cd9e2
as the timestamp used for ldap is not the unixtimestamp, we just use time for updating the session cache on auth_alpwchange_val
2011-09-23 11:10:05 +00:00
Klaus Leithoff
afb4dff864
* API/CheckPasswordAge: new approach to the issue, as we have to take into account that the timestamp of the last password change may not be provided by the auth system. We fetch the timestamp from the authsystem if the method is implemented for the auth method configured (instead of juggling with account_lastpasswd_change or account_lastpwd_change)
2011-09-22 15:29:41 +00:00
Ralf Becker
562343a4dd
disabling permanent error_log and missing translation
2011-06-06 06:39:07 +00:00
Ralf Becker
fae1d29e68
- implemented more secure password hashing types: sha512_crypt, sha256_crypt and blowfish_crypt (later was only just broken)
...
- DB schema update for account_pwd to varchar(128) to accomodate sha512_crypt hashes
- enable automatic migration to sha512_crypt, if on SQL or LDAP (but only on Linux, as OpenLDAP has not native support for it)
2011-06-05 23:22:51 +00:00
Klaus Leithoff
0b1e444325
do not use password on asetLastPwdChange in admin actions, as the use of passwords indicates the usage of the functionality in usermode; Handle params for egw_cache::getSession in the correct order
2011-05-19 10:32:46 +00:00
Ralf Becker
4f3f6748f1
small docu update
2011-05-04 13:32:58 +00:00
Ralf Becker
57fc9c63fc
- fixed with ssha not working migration from sql <--> ldap
...
- using 16 char salt for ssha and smd5 as eclipse ldap admin does
- remove auth::hash_sql2ldap() method, as it is now in setup/inc/class.setup_cmd_ldap.inc.php
- added ability to create uid dn in setup_cmd_ldap subcommand create_ldap
2011-05-04 09:42:50 +00:00
Ralf Becker
457e79454d
* Setup: making SSHA (salted sha1) hashes the default password hash for SQL and LDAP
...
- fixing not working ssha hashes if mb_string.func_overload > 0 set
2011-05-04 07:52:45 +00:00
Klaus Leithoff
4f0e104e27
more to the issue: fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered by auth system
2011-03-16 12:44:42 +00:00
Klaus Leithoff
a080404dab
fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered from auth system. set password-last-changed info in authsystem on password change. when trying to force the user to change his password upon next login as admin from within egrouware, try to set the 0 value within the authsystem as well (in ldap rights are required for admin (or user) to set/alter the shadowlastchange attribute)
2011-03-16 11:00:16 +00:00
Klaus Leithoff
bf8b3211c8
if the number of days left until change of password is expired is negative, dont warn, require the change
2010-10-28 11:02:05 +00:00
Klaus Leithoff
53374d91fb
* API/Passwordmanagement: option enable a warning for users to inform them, that their password is about to expire
...
will be displayed once every session starting X days before the password will expure, when enforce password change is enabled and
a suitable period is set
-translations for that option
-pending translations
2010-10-21 13:58:57 +00:00
Klaus Leithoff
2e33eeaab6
fixing ACL check for nopasswordchange; fixing setting of shadowlastchange by using the correct data with propper format
2010-09-24 08:20:14 +00:00
Klaus Leithoff
7e68a0727f
check if the user is allowed to change its password, before redirecting
2010-09-22 15:20:06 +00:00
Klaus Leithoff
abbf9e3abf
allow old name for account_lastpwd_change (account_lastpassword_change)
2010-09-22 11:41:16 +00:00
Klaus Leithoff
3843c0b59b
Feature: to allow admins a) to set an allowed password age, to require all users to change their password regularily; b) force password change for a given user on the users next login; c) better control about the password strength required; Funded by Cricket
2010-09-22 09:48:27 +00:00
Ralf Becker
bf898afb61
"removed permannent error_log"
2010-05-13 10:45:37 +00:00
Ralf Becker
e91b0f0cb5
using since php<=5.0 available raw_output=true parameter for md5 and sha1 instead of deprecated and in newer distros no longer available mhash extension
2010-05-13 10:39:48 +00:00
Ralf Becker
61d26df913
reworked auth classes, to allow them to use each other and a new auth class using a primary backend (ldap) and a fallback (sql)
2010-01-28 04:22:37 +00:00
Ralf Becker
b5c28fba48
1. NTLM Single Sign ON
...
NTLM SSO removes Windows users on a PC, which is a member of a Windows
domain and who are logged into that domain, from the need to explicitly log
into eGW. They simply point IE to the eGW URL (eg. http://domain.com/egroupware/ )
and start working. They can of cause explicitly log out and log in as an
other user.
For more information look at the README at
http://www.egroupware.org/viewvc/trunk/phpgwapi/ntml/README
2. different authentication for SyncML and/or GroupDAV
You can now use eg. an external auth provider for the login via the
WebGUI (eg. ADS) and the passwords stored in SQL for SyncML.
2008-07-16 09:29:13 +00:00
Ralf Becker
a5a7c2d30e
Additional password crypt types for ldap:
...
- MD5_CRYPT (9 char salt prefixed with $1$)
- BLOWFISH_CRYPT (16 char salt prefixed with $2$)
- EXT_CRYPT (9 char salt, no prefix)
2008-05-31 06:25:04 +00:00
Ralf Becker
868345fcb6
"added static to encrypt_pasword"
2008-03-25 17:05:38 +00:00
Ralf Becker
4f94d5837d
use of global db object and new headers, made all methods of the auth class static
2008-03-15 17:27:36 +00:00
Ralf Becker
90f39cef39
"encryption" type plain for sql and ldap, to allow to store the passwords readable
2007-11-06 11:16:34 +00:00
Miles Lott
23ac553d70
Fix for types other than md5 and crypt, e.g. SSHA where the the type is contained in the text of the password
2006-06-20 09:50:00 +00:00
Ralf Becker
5dc4617462
setting the default for encrypt_ldap() to des and not just return false, the default is needed if you never saved setup >> config
2006-06-17 16:04:35 +00:00
Ralf Becker
9eca4904e0
allow to specify the hash type to prefix the hash, to easy migrate passwords from ldap
2006-06-07 22:08:13 +00:00
Ralf Becker
98d8b30761
rewrite of the accounts classes:
...
- new cleaner AND documented interfaces
- old interfaces are still availible, but depricated
- LDAP backend stores now membership information in LDAP too, and does NO longer require the phpgwAccount schema
- LDAP backend deals now well with LDAP schema in which posixGroup is no structural object (eg. newer SuSE distros)
- password from users are done now binded as that user, so if you dont need/use our admin to manage accounts, you can give a root-dn which only allows to search&read accounts
2006-06-06 23:42:36 +00:00
Miles Lott
fb4182ea66
Correct spelling
2006-05-17 06:00:12 +00:00
Cornelius Weiß
b97f701d05
added an optinal check for a save^tm password (criterias as in MS-Windows)
2006-03-13 21:56:28 +00:00
Ralf Becker
c85d34c0fe
changed the following table-names:
...
- phpgw_accounts --> egw_accounts
- phpgw_acl --> egw_acl
- phpgw_log(_msg) --> egw_log(_msg)
- phpgw_config --> egw_config
- phpgw_applications --> egw_applications
This requires code-changes in many apps. Quite often I was able to replace the db access, with calls to the appropreate classes.
2005-11-02 11:45:52 +00:00
Miles Lott
137e472433
Use correct quoting when querying/setting account_id; minor formatting
2005-08-27 12:19:35 +00:00
Cornelius Weiß
79c9507039
- massive code cleanup
...
- added md5_hmac auth type
- added support for password migration
2005-05-10 19:00:55 +00:00
Miles Lott
6adc7fda6f
Add some notes to the smd5_compare() function
2004-02-05 02:14:31 +00:00
Miles Lott
dfa356e0c6
Fix smd5 password comparison for sql
2004-02-05 02:01:39 +00:00
Miles Lott
04067c7a04
Add SMD5 hashing for sql and ldap based on my debian experience today
2004-01-26 03:01:54 +00:00
Miles Lott
d7db3b384e
update credits by request
2004-01-20 21:31:33 +00:00
Miles Lott
77fd8f4882
Move password functions to auth class; Add support for new encryption types in setup
...
and implement password checking and creation for these new types
2004-01-18 21:12:53 +00:00
Miles Lott
9b6465af7a
Using GLOBALS
2001-08-30 19:40:44 +00:00
Miles Lott
61675e82b5
Formatting
2001-05-02 12:52:44 +00:00
skeeter
53f4716584
replaced quotes with single ticks where applicable
2001-02-11 20:03:35 +00:00
jengo
5f0c2433db
Returned cvs to how it was last night (with including the class.accounts.inc.php) file first
2001-02-06 20:13:06 +00:00