Ralf Becker
fae1d29e68
- implemented more secure password hashing types: sha512_crypt, sha256_crypt and blowfish_crypt (later was only just broken)
...
- DB schema update for account_pwd to varchar(128) to accommodate sha512_crypt hashes
- enable automatic migration to sha512_crypt, if on SQL or LDAP (but only on Linux, as OpenLDAP has no native support for it)
2011-06-05 23:22:51 +00:00
Klaus Leithoff
0b1e444325
do not use password on asetLastPwdChange in admin actions, as the use of passwords indicates the usage of the functionality in usermode; Handle params for egw_cache::getSession in the correct order
2011-05-19 10:32:46 +00:00
Ralf Becker
4f3f6748f1
small docu update
2011-05-04 13:32:58 +00:00
Ralf Becker
57fc9c63fc
- fixed with ssha not working migration from sql <--> ldap
...
- using 16 char salt for ssha and smd5 as eclipse ldap admin does
- remove auth::hash_sql2ldap() method, as it is now in setup/inc/class.setup_cmd_ldap.inc.php
- added ability to create uid dn in setup_cmd_ldap subcommand create_ldap
2011-05-04 09:42:50 +00:00
Ralf Becker
457e79454d
* Setup: making SSHA (salted sha1) hashes the default password hash for SQL and LDAP
...
- fixing not working ssha hashes if mb_string.func_overload > 0 set
2011-05-04 07:52:45 +00:00
Klaus Leithoff
4f0e104e27
more to the issue: fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered by auth system
2011-03-16 12:44:42 +00:00
Klaus Leithoff
a080404dab
fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered from auth system. set password-last-changed info in authsystem on password change. when trying to force the user to change his password upon next login as admin from within egroupware, try to set the 0 value within the authsystem as well (in ldap rights are required for admin (or user) to set/alter the shadowlastchange attribute)
2011-03-16 11:00:16 +00:00
Klaus Leithoff
bf8b3211c8
if the number of days left until change of password is expired is negative, don't warn, require the change
2010-10-28 11:02:05 +00:00
Klaus Leithoff
53374d91fb
* API/Passwordmanagement: option enable a warning for users to inform them, that their password is about to expire
...
will be displayed once every session starting X days before the password will expire, when enforce password change is enabled and
a suitable period is set
-translations for that option
-pending translations
2010-10-21 13:58:57 +00:00
Klaus Leithoff
2e33eeaab6
fixing ACL check for nopasswordchange; fixing setting of shadowlastchange by using the correct data with proper format
2010-09-24 08:20:14 +00:00
Klaus Leithoff
7e68a0727f
check if the user is allowed to change its password, before redirecting
2010-09-22 15:20:06 +00:00
Klaus Leithoff
abbf9e3abf
allow old name for account_lastpwd_change (account_lastpassword_change)
2010-09-22 11:41:16 +00:00
Klaus Leithoff
3843c0b59b
Feature: to allow admins a) to set an allowed password age, to require all users to change their password regularly; b) force password change for a given user on the users next login; c) better control about the password strength required; Funded by Cricket
2010-09-22 09:48:27 +00:00
Ralf Becker
bf898afb61
"removed permanent error_log"
2010-05-13 10:45:37 +00:00
Ralf Becker
e91b0f0cb5
using since php<=5.0 available raw_output=true parameter for md5 and sha1 instead of deprecated and in newer distros no longer available mhash extension
2010-05-13 10:39:48 +00:00
Ralf Becker
61d26df913
reworked auth classes, to allow them to use each other and a new auth class using a primary backend (ldap) and a fallback (sql)
2010-01-28 04:22:37 +00:00
Ralf Becker
b5c28fba48
1. NTLM Single Sign ON
...
NTLM SSO removes Windows users on a PC, which is a member of a Windows
domain and who are logged into that domain, from the need to explicitly log
into eGW. They simply point IE to the eGW URL (eg. http://domain.com/egroupware/ )
and start working. They can of course explicitly log out and log in as
another user.
For more information look at the README at
http://www.egroupware.org/viewvc/trunk/phpgwapi/ntml/README
2. different authentication for SyncML and/or GroupDAV
You can now use eg. an external auth provider for the login via the
WebGUI (eg. ADS) and the passwords stored in SQL for SyncML.
2008-07-16 09:29:13 +00:00
Ralf Becker
a5a7c2d30e
Additional password crypt types for ldap:
...
- MD5_CRYPT (9 char salt prefixed with $1$)
- BLOWFISH_CRYPT (16 char salt prefixed with $2$)
- EXT_CRYPT (9 char salt, no prefix)
2008-05-31 06:25:04 +00:00
Ralf Becker
868345fcb6
"added static to encrypt_pasword"
2008-03-25 17:05:38 +00:00
Ralf Becker
4f94d5837d
use of global db object and new headers, made all methods of the auth class static
2008-03-15 17:27:36 +00:00
Ralf Becker
90f39cef39
"encryption" type plain for sql and ldap, to allow to store the passwords readable
2007-11-06 11:16:34 +00:00
Miles Lott
23ac553d70
Fix for types other than md5 and crypt, e.g. SSHA where the type is contained in the text of the password
2006-06-20 09:50:00 +00:00
Ralf Becker
5dc4617462
setting the default for encrypt_ldap() to des and not just return false, the default is needed if you never saved setup >> config
2006-06-17 16:04:35 +00:00
Ralf Becker
9eca4904e0
allow to specify the hash type to prefix the hash, to easy migrate passwords from ldap
2006-06-07 22:08:13 +00:00
Ralf Becker
98d8b30761
rewrite of the accounts classes:
...
- new cleaner AND documented interfaces
- old interfaces are still available, but deprecated
- LDAP backend stores now membership information in LDAP too, and does NO longer require the phpgwAccount schema
- LDAP backend deals now well with LDAP schema in which posixGroup is no structural object (eg. newer SuSE distros)
- password from users are done now binded as that user, so if you don't need/use our admin to manage accounts, you can give a root-dn which only allows to search&read accounts
2006-06-06 23:42:36 +00:00
Miles Lott
fb4182ea66
Correct spelling
2006-05-17 06:00:12 +00:00
Cornelius Weiß
b97f701d05
added an optional check for a save^tm password (criteria as in MS-Windows)
2006-03-13 21:56:28 +00:00
Ralf Becker
c85d34c0fe
changed the following table-names:
...
- phpgw_accounts --> egw_accounts
- phpgw_acl --> egw_acl
- phpgw_log(_msg) --> egw_log(_msg)
- phpgw_config --> egw_config
- phpgw_applications --> egw_applications
This requires code-changes in many apps. Quite often I was able to replace the db access, with calls to the appropriate classes.
2005-11-02 11:45:52 +00:00
Miles Lott
137e472433
Use correct quoting when querying/setting account_id; minor formatting
2005-08-27 12:19:35 +00:00
Cornelius Weiß
79c9507039
- massive code cleanup
...
- added md5_hmac auth type
- added support for password migration
2005-05-10 19:00:55 +00:00
Miles Lott
6adc7fda6f
Add some notes to the smd5_compare() function
2004-02-05 02:14:31 +00:00
Miles Lott
dfa356e0c6
Fix smd5 password comparison for sql
2004-02-05 02:01:39 +00:00
Miles Lott
04067c7a04
Add SMD5 hashing for sql and ldap based on my debian experience today
2004-01-26 03:01:54 +00:00
Miles Lott
d7db3b384e
update credits by request
2004-01-20 21:31:33 +00:00
Miles Lott
77fd8f4882
Move password functions to auth class; Add support for new encryption types in setup
...
and implement password checking and creation for these new types
2004-01-18 21:12:53 +00:00
Miles Lott
9b6465af7a
Using GLOBALS
2001-08-30 19:40:44 +00:00
Miles Lott
61675e82b5
Formatting
2001-05-02 12:52:44 +00:00
skeeter
53f4716584
replaced quotes with single ticks where applicable
2001-02-11 20:03:35 +00:00
jengo
5f0c2433db
Returned cvs to how it was last night (with including the class.accounts.inc.php) file first
2001-02-06 20:13:06 +00:00
jengo
e0b8a07f9c
Fixed not being able to login and clean up a ton of code. It was a mess in there, things flow a little bit better now. I still have some cleaning up to do
2001-02-06 13:18:51 +00:00
seek3r
00b23411ef
moved to define() for path vars. Also starting to hack sessions to be phpgw_info manager
2001-02-06 09:19:38 +00:00
seek3r
431f841cba
switching to the new Object factory method
2001-01-11 10:04:28 +00:00
seek3r
e97ef24062
switching to the new Object factory method
2001-01-11 09:52:33 +00:00