Ralf Becker
41fd3575c9
* Update to 1.8.004: REQUIRES TO VISIT SETUP for schema updates
...
- backport of security features from Trunk: support for sha512_crypt password and session-list without access to session-directory
- backport of numerous CalDAV/CardDAV features and fixes from Trunk: multiple addressbooks and calendars, support of resources, request logging
2012-03-31 14:12:25 +00:00
Klaus Leithoff
ad9df848d0
* API: is_a compatibility vs. php5.3.8 resolving to instanceof operator for most common basic classes
2011-09-26 10:01:53 +00:00
Klaus Leithoff
ac2279d933
* API: is_a compatibility vs. php5.3.8 resolving to instanceof operator for most common basic classes
2011-09-26 09:52:43 +00:00
Klaus Leithoff
53c78cd9e2
as the timestamp used for ldap is not the unixtimestamp, we just use time for updating the session cache on auth_alpwchange_val
2011-09-23 11:10:05 +00:00
Klaus Leithoff
afb4dff864
* API/CheckPasswordAge: new approach to the issue, as we have to take into account that the timestamp of the last password change may not be provided by the auth system. We fetch the timestamp from the authsystem if the method is implemented for the auth method configured (instead of juggling with account_lastpasswd_change or account_lastpwd_change)
2011-09-22 15:29:41 +00:00
Ralf Becker
562343a4dd
disabling permanent error_log and missing translation
2011-06-06 06:39:07 +00:00
Ralf Becker
fae1d29e68
- implemented more secure password hashing types: sha512_crypt, sha256_crypt and blowfish_crypt (later was only just broken)
...
- DB schema update for account_pwd to varchar(128) to accomodate sha512_crypt hashes
- enable automatic migration to sha512_crypt, if on SQL or LDAP (but only on Linux, as OpenLDAP has not native support for it)
2011-06-05 23:22:51 +00:00
Klaus Leithoff
0b1e444325
do not use password on asetLastPwdChange in admin actions, as the use of passwords indicates the usage of the functionality in usermode; Handle params for egw_cache::getSession in the correct order
2011-05-19 10:32:46 +00:00
Ralf Becker
4f3f6748f1
small docu update
2011-05-04 13:32:58 +00:00
Ralf Becker
2ca98f1fa3
- fixed with ssha not working migration from sql <--> ldap
...
- using 16 char salt for ssha and smd5 as eclipse ldap admin does
- remove auth::hash_sql2ldap() method, as it is now in setup/inc/class.setup_cmd_ldap.inc.php
- added ability to create uid dn in setup_cmd_ldap subcommand create_ldap
2011-05-04 09:46:18 +00:00
Ralf Becker
57fc9c63fc
- fixed with ssha not working migration from sql <--> ldap
...
- using 16 char salt for ssha and smd5 as eclipse ldap admin does
- remove auth::hash_sql2ldap() method, as it is now in setup/inc/class.setup_cmd_ldap.inc.php
- added ability to create uid dn in setup_cmd_ldap subcommand create_ldap
2011-05-04 09:42:50 +00:00
Ralf Becker
897ea9216f
* Setup: making SSHA (salted sha1) hashes the default password hash for SQL and LDAP
...
- fixing not working ssha hashes if mb_string.func_overload > 0 set
2011-05-04 07:56:09 +00:00
Ralf Becker
457e79454d
* Setup: making SSHA (salted sha1) hashes the default password hash for SQL and LDAP
...
- fixing not working ssha hashes if mb_string.func_overload > 0 set
2011-05-04 07:52:45 +00:00
Klaus Leithoff
4f0e104e27
more to the issue: fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered by auth system
2011-03-16 12:44:42 +00:00
Klaus Leithoff
a080404dab
fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered from auth system. set password-last-changed info in authsystem on password change. when trying to force the user to change his password upon next login as admin from within egrouware, try to set the 0 value within the authsystem as well (in ldap rights are required for admin (or user) to set/alter the shadowlastchange attribute)
2011-03-16 11:00:16 +00:00
Klaus Leithoff
bf8b3211c8
if the number of days left until change of password is expired is negative, dont warn, require the change
2010-10-28 11:02:05 +00:00
Klaus Leithoff
53374d91fb
* API/Passwordmanagement: option enable a warning for users to inform them, that their password is about to expire
...
will be displayed once every session starting X days before the password will expure, when enforce password change is enabled and
a suitable period is set
-translations for that option
-pending translations
2010-10-21 13:58:57 +00:00
Klaus Leithoff
2e33eeaab6
fixing ACL check for nopasswordchange; fixing setting of shadowlastchange by using the correct data with propper format
2010-09-24 08:20:14 +00:00
Klaus Leithoff
7e68a0727f
check if the user is allowed to change its password, before redirecting
2010-09-22 15:20:06 +00:00
Klaus Leithoff
abbf9e3abf
allow old name for account_lastpwd_change (account_lastpassword_change)
2010-09-22 11:41:16 +00:00
Klaus Leithoff
3843c0b59b
Feature: to allow admins a) to set an allowed password age, to require all users to change their password regularily; b) force password change for a given user on the users next login; c) better control about the password strength required; Funded by Cricket
2010-09-22 09:48:27 +00:00
Ralf Becker
bf898afb61
"removed permannent error_log"
2010-05-13 10:45:37 +00:00
Ralf Becker
e91b0f0cb5
using since php<=5.0 available raw_output=true parameter for md5 and sha1 instead of deprecated and in newer distros no longer available mhash extension
2010-05-13 10:39:48 +00:00
Ralf Becker
61d26df913
reworked auth classes, to allow them to use each other and a new auth class using a primary backend (ldap) and a fallback (sql)
2010-01-28 04:22:37 +00:00
Ralf Becker
b5c28fba48
1. NTLM Single Sign ON
...
NTLM SSO removes Windows users on a PC, which is a member of a Windows
domain and who are logged into that domain, from the need to explicitly log
into eGW. They simply point IE to the eGW URL (eg. http://domain.com/egroupware/ )
and start working. They can of cause explicitly log out and log in as an
other user.
For more information look at the README at
http://www.egroupware.org/viewvc/trunk/phpgwapi/ntml/README
2. different authentication for SyncML and/or GroupDAV
You can now use eg. an external auth provider for the login via the
WebGUI (eg. ADS) and the passwords stored in SQL for SyncML.
2008-07-16 09:29:13 +00:00
Ralf Becker
a5a7c2d30e
Additional password crypt types for ldap:
...
- MD5_CRYPT (9 char salt prefixed with $1$)
- BLOWFISH_CRYPT (16 char salt prefixed with $2$)
- EXT_CRYPT (9 char salt, no prefix)
2008-05-31 06:25:04 +00:00
Ralf Becker
868345fcb6
"added static to encrypt_pasword"
2008-03-25 17:05:38 +00:00
Ralf Becker
4f94d5837d
use of global db object and new headers, made all methods of the auth class static
2008-03-15 17:27:36 +00:00
Ralf Becker
90f39cef39
"encryption" type plain for sql and ldap, to allow to store the passwords readable
2007-11-06 11:16:34 +00:00
Miles Lott
23ac553d70
Fix for types other than md5 and crypt, e.g. SSHA where the the type is contained in the text of the password
2006-06-20 09:50:00 +00:00
Ralf Becker
5dc4617462
setting the default for encrypt_ldap() to des and not just return false, the default is needed if you never saved setup >> config
2006-06-17 16:04:35 +00:00
Ralf Becker
9eca4904e0
allow to specify the hash type to prefix the hash, to easy migrate passwords from ldap
2006-06-07 22:08:13 +00:00
Ralf Becker
98d8b30761
rewrite of the accounts classes:
...
- new cleaner AND documented interfaces
- old interfaces are still availible, but depricated
- LDAP backend stores now membership information in LDAP too, and does NO longer require the phpgwAccount schema
- LDAP backend deals now well with LDAP schema in which posixGroup is no structural object (eg. newer SuSE distros)
- password from users are done now binded as that user, so if you dont need/use our admin to manage accounts, you can give a root-dn which only allows to search&read accounts
2006-06-06 23:42:36 +00:00
Miles Lott
fb4182ea66
Correct spelling
2006-05-17 06:00:12 +00:00
Cornelius Weiß
b97f701d05
added an optinal check for a save^tm password (criterias as in MS-Windows)
2006-03-13 21:56:28 +00:00
Ralf Becker
c85d34c0fe
changed the following table-names:
...
- phpgw_accounts --> egw_accounts
- phpgw_acl --> egw_acl
- phpgw_log(_msg) --> egw_log(_msg)
- phpgw_config --> egw_config
- phpgw_applications --> egw_applications
This requires code-changes in many apps. Quite often I was able to replace the db access, with calls to the appropreate classes.
2005-11-02 11:45:52 +00:00
Miles Lott
137e472433
Use correct quoting when querying/setting account_id; minor formatting
2005-08-27 12:19:35 +00:00
Cornelius Weiß
79c9507039
- massive code cleanup
...
- added md5_hmac auth type
- added support for password migration
2005-05-10 19:00:55 +00:00
Miles Lott
6adc7fda6f
Add some notes to the smd5_compare() function
2004-02-05 02:14:31 +00:00
Miles Lott
dfa356e0c6
Fix smd5 password comparison for sql
2004-02-05 02:01:39 +00:00
Miles Lott
04067c7a04
Add SMD5 hashing for sql and ldap based on my debian experience today
2004-01-26 03:01:54 +00:00
Miles Lott
d7db3b384e
update credits by request
2004-01-20 21:31:33 +00:00
Miles Lott
77fd8f4882
Move password functions to auth class; Add support for new encryption types in setup
...
and implement password checking and creation for these new types
2004-01-18 21:12:53 +00:00
Miles Lott
9b6465af7a
Using GLOBALS
2001-08-30 19:40:44 +00:00
Miles Lott
61675e82b5
Formatting
2001-05-02 12:52:44 +00:00
skeeter
53f4716584
replaced quotes with single ticks where applicable
2001-02-11 20:03:35 +00:00
jengo
5f0c2433db
Returned cvs to how it was last night (with including the class.accounts.inc.php) file first
2001-02-06 20:13:06 +00:00
jengo
e0b8a07f9c
Fixed not being able to login and clean up a ton of code. It was a mess in there, things flow a little but better now. I still have some cleaning up to do
2001-02-06 13:18:51 +00:00
seek3r
00b23411ef
moved to define() for path vars. Also starting to hack sessions to be phpgw_info manager
2001-02-06 09:19:38 +00:00
seek3r
431f841cba
switching to the new Object factory method
2001-01-11 10:04:28 +00:00