-
Bug
-
Resolution: Obsolete
-
Low
-
None
-
None
-
None
When one creates an internal directory (including in the setup wizard), one of the options is the "password encryption" type:
As you can see, we default to "atlassian-sha1", and the note below virtually insists on it (who would install Crowd if they didn't want "compatibility between Atlassian products"?).
This is terrible, because we're effectively locking user passwords into a proprietary format. In particular, LDAP directories don't support 'atlassian-sha1', which means users of the internal directory cannot migrate to a proper LDAP implementation, without losing their passwords.
[CWD-1137] Default to sha1 hashes rather than the infrequently implemented atlassian-sha1
Workflow | Original: Simplified Crowd Development Workflow v2 - restricted [ 1511035 ] | New: JAC Bug Workflow v3 [ 3365396 ] |
Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
Workflow | Original: Simplified Crowd Development Workflow v2 [ 1393001 ] | New: Simplified Crowd Development Workflow v2 - restricted [ 1511035 ] |
Workflow | Original: Crowd Development Workflow v2 [ 272890 ] | New: Simplified Crowd Development Workflow v2 [ 1393001 ] |
Resolution | New: Obsolete [ 11 ] | |
Status | Original: Open [ 1 ] | New: Resolved [ 5 ] |
Assignee | Original: David O'Flynn [Atlassian] [ doflynn ] |
Workflow | Original: JIRA Bug Workflow v2 [ 173552 ] | New: Crowd Development Workflow v2 [ 272890 ] |
Workflow | Original: jira [ 128845 ] | New: JIRA Bug Workflow v2 [ 173552 ] |
Component/s | New: Backend / Domain Model [ 11545 ] |
Priority | Original: Critical [ 2 ] | New: Minor [ 4 ] |
Summary | Original: atlassian-sha1 must die | New: Default to sha1 hashes rather than the infrequently implemented atlassian-sha1 |