Uploaded image for project: 'Crowd'
  1. Crowd
  2. CWD-1137

Default to sha1 hashes rather than the infrequently implemented atlassian-sha1

    XMLWordPrintable

Details

    Description

      When one creates an internal directory (including in the setup wizard), one of the options is the "password encryption" type:

      As you can see, we default to "atlassian-sha1", and the note below virtually insists on it (who would install Crowd if they didn't want "compatibility between Atlassian products"?).

      This is terrible, because we're effectively locking user passwords into a proprietary format. In particular, LDAP directories don't support 'atlassian-sha1', which means users of the internal directory cannot migrate to a proper LDAP implementation, without losing their passwords.

      Attachments

        1. crowd_encryption.png
          5 kB
          Jeff Turner

        Activity

          People

            Unassigned Unassigned
            7ee5c68a815f Jeff Turner
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: