Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-1137

Default to sha1 hashes rather than the infrequently implemented atlassian-sha1

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Obsolete
    • Icon: Low Low
    • None
    • None
    • None

      When one creates an internal directory (including in the setup wizard), one of the options is the "password encryption" type:

      As you can see, we default to "atlassian-sha1", and the note below virtually insists on it (who would install Crowd if they didn't want "compatibility between Atlassian products"?).

      This is terrible, because we're effectively locking user passwords into a proprietary format. In particular, LDAP directories don't support 'atlassian-sha1', which means users of the internal directory cannot migrate to a proper LDAP implementation, without losing their passwords.

              Unassigned Unassigned
              7ee5c68a815f Jeff Turner
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: