Uploaded image for project: 'Crowd'
  1. Crowd
  2. CWD-1137

Default to sha1 hashes rather than the infrequently implemented atlassian-sha1

    XMLWordPrintable

    Details

      Description

      When one creates an internal directory (including in the setup wizard), one of the options is the "password encryption" type:

      As you can see, we default to "atlassian-sha1", and the note below virtually insists on it (who would install Crowd if they didn't want "compatibility between Atlassian products"?).

      This is terrible, because we're effectively locking user passwords into a proprietary format. In particular, LDAP directories don't support 'atlassian-sha1', which means users of the internal directory cannot migrate to a proper LDAP implementation, without losing their passwords.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            7ee5c68a815f Jeff Turner
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: