Details
-
Suggestion
-
Resolution: Fixed
-
None
-
JIRA 1.3.3, Resin, Novell NDS.
Description
I would like to suggest that if JIRA loads the user details (id and password) from a cookie and attempts to authenticate and fails then JIRA should delete the cookie.
The logic behind this is:
We are using LDAP for authentication to Novell's NDS and if a user gets JIRA to remember their id and password (by saving a cookie). When the user changes their NDS password (as it expires every 20 days) and the user then attempts to get into JIRA. JIRA will load the cookie with the old password and lock the user's NDS account dur to too many failed login attemtps.
With the suggested change there would be only one failed login attempt and the user would be promoted to login which they would be able to do with their new password.
Greg.