ethanal
commented
9 years ago What is the password checked against?
Closed ethanal closed 9 years ago
ethanal
commented
9 years ago What is the password checked against?
pefoley2
commented
9 years ago Shouldn't you be able to do a default username/pass ldap bind like for auth user?
ethanal
commented
9 years ago Oh simple bind with the eighthOffice account not authuser I see.
ethanal
commented
9 years ago Do any other accounts need a simple bind or can there just be a special case for eighthOffice?
pefoley2
commented
9 years ago Are you planning to implement master password?
ethanal
commented
9 years ago Master password is already implemented https://github.com/tjcsl/ion/blob/master/intranet/apps/auth/backends.py#L116-L166
pefoley2
commented
9 years ago Ok, I'd check w/ @ahamilto but I don't think anything other than authuser/eighthOffice should need a simple bind.
an-empty-string
commented
9 years ago According to @ahamilto the purpose of using an LDAP simple bind is to allow eighthoffice to still log in if Kerberos infrastructure is down (historically Kerberos KDCs ran on machines with other things as well, so they were not nearly as stable), so there should not be any other users that need an LDAP bind for authentication
ahamilto
commented
9 years ago I can do a query when i get home to check for any others. I think there might be some stembassadors accounts that use ldap binds.
jwoglom
commented
9 years ago This has been fixed, eighthoffice is now a Kerberos account. Will open another issue for future reference to keep the possibility of adding this open.
Needs to use a simple LDAP bind -- eighthOffice is not in kerberos.