Crowd / CWD-2216

Document: User from ActiveDirectory can authenticate with previous password after changing password through Crowd.

    Details

    • Type: Task
    • Status: Open
    • Priority: Trivial
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Documentation
    • Labels:
      None
    • Environment:

      Crowd 2.2.0.m5

    • Last commented by user?:
      true

      Description

      Note: I would like to bring this to the attention of the doc team. I was confused for a while and thought that we had a security bug on our hands. Turns out this is a known issue with AD, and there are ways to mitigate how long the old password remains active for: http://support.microsoft.com/kb/906305

      • Add an ActiveDirectory in Crowd with Read-Write permissions. I used ldaps://crowd-ad1.sydney.atlassian.com:636 (make sure to install the certificate as mentioned here: https://extranet.atlassian.com/display/CROWD/LDAP+Servers).
      • Add the directory to an application and set allow all to authenticate = true.
      • Verify that you can authenticate with the AD user by going to the Authentication Test.
      • Go to the Users tab and select the AD user.
      • Change the user's password.
      • Go back to the Authentication Test.

      Expected: User to only be able to authenticate with the new password

      Actual: User can authenticate with the new password as well as the old one.
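
      The check in the steps above can be scripted so that the known AD grace period is told apart from an old password that stays valid longer than that. This is an added example, not code from the issue or from Crowd: the `authenticate` hook, the `FakeDirectory` stand-in, the account, the passwords and the 60-minute window are all assumptions.

```python
from datetime import datetime, timedelta

# Assumption: 60 minutes, the default old-password lifetime described in the
# linked Microsoft KB article; use the value configured on your domain controllers.
EXPECTED_GRACE = timedelta(minutes=60)

def classify(authenticate, user, old_pw, new_pw, changed_at, now, grace=EXPECTED_GRACE):
    """Repeat the Authentication Test with both passwords and interpret the result.

    authenticate(user, password) -> bool is a hypothetical hook around whatever
    performs the real check (an LDAP bind, a Crowd authentication call).
    """
    if not authenticate(user, new_pw):
        return "new-password-rejected"
    if not authenticate(user, old_pw):
        return "old-password-rejected"       # what the reporter expected
    if now - changed_at <= grace:
        return "old-accepted-within-grace"   # known AD behaviour
    return "old-accepted-after-grace"        # not explained by the grace window

class FakeDirectory:
    """Constructed stand-in for AD that keeps the previous password valid for `grace`."""
    def __init__(self, grace, start):
        self.grace, self.now, self.users = grace, start, {}

    def set_password(self, user, password):
        current = self.users.get(user, (None, None, None))[0]
        self.users[user] = (password, current, self.now)

    def authenticate(self, user, password):
        current, previous, changed_at = self.users[user]
        if password == current:
            return True
        return previous is not None and password == previous and self.now - changed_at <= self.grace

def run_scenario(directory_grace, minutes_after_change):
    """Change a constructed user's password, wait, then classify what the directory accepts."""
    ad = FakeDirectory(directory_grace, datetime(2011, 1, 1, 9, 0))  # constructed clock
    ad.set_password("jdoe", "Old-Passw0rd")   # constructed account and passwords
    ad.set_password("jdoe", "New-Passw0rd")
    changed_at = ad.now
    ad.now += timedelta(minutes=minutes_after_change)
    return classify(ad.authenticate, "jdoe", "Old-Passw0rd", "New-Passw0rd", changed_at, ad.now)

if __name__ == "__main__":
    for grace, wait in [(60, 5), (60, 61), (1440, 120)]:
        print(grace, wait, run_scenario(timedelta(minutes=grace), wait))
```

      Against a real directory, pass a function that performs the actual bind as `authenticate` and rerun the check once the configured window has elapsed.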

        Activity

        Akira Higuchi added a comment -

        Federico

        I was confused by this function, but your information was very helpful. I hope to update the document.

        Thank you.


          People

          • Votes: 0
          • Watchers: 1

            Dates

            • Created:
              Updated:
              Last commented:
              2 years, 1 week ago