On Thu, May 17, 2012 at 9:46 AM, Ken Dreyer <ktdre...@ktdreyer.com> wrote:
> I think it would be better to register the LDAP or Kerberos users with
> cryptographically random passwords. What form do you recommend?

Digging a bit more, it looks like the Crowd plugin suffers from the same "default password in the database" problem.

Here's a proposed patch: call user.reset_password after saving the user.

Advantages:
1. The database password is no longer known to anyone.
2. Reuse the same cryptographic complexity upon which the usual "reset password" application function relies.

- Ken

gitorious-rand-passwords.diff
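
The idea discussed in this message, sketched as an added example that is not part of the original post, the attached patch, or Gitorious itself: a locally stored password for an externally authenticated account is filled from the OS CSPRNG instead of a shared default, and an audit helper finds rows that still accept the default. `LocalUser`, `SHARED_DEFAULT` and the helper names are hypothetical, and this does not reproduce what `user.reset_password` does internally.

```ruby
require "securerandom"
require "openssl"

# All names below are hypothetical; this is not Gitorious's User model.
SHARED_DEFAULT = "changeme" # constructed stand-in for a default visible in source
ITERATIONS = 100_000

def kdf(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                           length: 32, hash: "sha256")
end

# Compare digests without an early exit on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Local row that must hold some password even when LDAP/Kerberos does the login.
class LocalUser
  attr_reader :login

  def initialize(login, password)
    @login = login
    @salt = SecureRandom.random_bytes(16)
    @digest = kdf(password, @salt)
  end

  def local_password_valid?(candidate)
    secure_equal?(@digest, kdf(candidate, @salt))
  end
end

# Weak: every externally authenticated account shares one known local password.
def provision_with_default(login)
  LocalUser.new(login, SHARED_DEFAULT)
end

# Hardened: 32 bytes from the OS CSPRNG, hashed once and then discarded,
# so nobody (including the provisioning code) knows the local password.
def provision_with_random(login)
  LocalUser.new(login, SecureRandom.urlsafe_base64(32))
end

# Audit helper: logins whose local row still accepts the shared default.
def accounts_accepting_default(users)
  users.select { |u| u.local_password_valid?(SHARED_DEFAULT) }.map(&:login)
end
```

Running `accounts_accepting_default` over existing rows identifies accounts created before the change, which still need their local password replaced.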