Opened 3 years ago

Closed 20 months ago

#8990 closed defect (fixed)

HtPasswdStore and SessionStore with HtPasswdHashMethod share hash type selection option

Reported by: hasienda Owned by: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: major Keywords: auth hash htpasswd
Cc: mitar Trac Release: 0.11


Upon implementing #8933 I recognized, that the hash type selection of HtPasswdStore has been reused verbatim in HtPasswdHashMethod for SessionStore.

This is insane (for defining same option twice) and troublesome for someone aiming at use of both authentication stores in parallel, because different hash types are ultimately impossible to achieve. Apparently situation is similar to the configuration option clash between both AbstractPasswordFileStore implementations (see #4677).

Since this

  1. has never been documented (most probably been unintended)
  2. is not easy to deduce from a non-developer point of view and
  3. contradicts the recent tendency of AcctMgr to support multiple authentication stores for store migration scenarios as well as for regular application,

it should be fixed.

Attachments (0)

Change History (4)

comment:1 Changed 3 years ago by hasienda

  • Status changed from new to assigned

Turns out, that HtDigestStore is involved as well, because it's htdigest_realm is illegally re-defined for SessionStore as well. We'll fix this as well for the next release.

comment:2 Changed 3 years ago by hasienda

(In [10494]) AccountManagerPlugin: Rename hash type option of HtPasswdHashMethod for SessionStore, refs #8990.

Beware: This will change effective configuration of an existing
applications, that uses SessionStore with HtPasswdHashMethod and hash type
other than crypt. Nevertheless this is strictly required to resolve the
current, insane situation (see #8990).

Regarding i18n there are two new msgids, but let's accumulate some more
changes before the next message catalog update.

comment:3 Changed 3 years ago by hasienda

(In [10497]) AccountManagerPlugin: Update unittest for SessionStore with new config option name, refs #8990.

comment:4 Changed 20 months ago by hasienda

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [12398]) AccountManagerPlugin: Releasing version 0.4, pushing development to acct_mgr-0.5dev.

Availability of that code as stable release
closes #874, #3459, #4677, #5295, #5691, #6616, #7577, #8076, #8685, #8770, #8791, #8990, #9052, #9079, #9090, #9139, #9246, #9252, #9547, #9618, #9676, #9843, #9852, #9940, #10023, #10028, #10123, #10142, #10204, #10276, #10397, #10412, #10594, #10625 and #10644.

Some more issues have been worked-on, yet without confirmed resolution,
refs #5464 (for JiraToTracIntegration), #8927 and #10134.

And finally there are some issues and enhancement requests showing progress,
but known to require more work to resolve them satisfactorily,
refs #843, #1600, #5964, #8217, #8933.

Thanks to all contributors and followers, that enabled and encouraged a good
portion of this development work.

Add Comment

Modify Ticket

as closed .
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from hasienda. Next status will be 'closed'.
The resolution will be deleted. Next status will be 'reopened'.

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.