2016-10-15 19:57:04 +02:00
<!DOCTYPE html>
< html lang = "en" dir = "ltr" >
< head >
< meta charset = "utf-8" / >
< title > documentation:2.0:passwordstore< / title >
< meta name = "generator" content = "DokuWiki" / >
< meta name = "robots" content = "index,follow" / >
< meta name = "keywords" content = "documentation,2.0,passwordstore" / >
< link rel = "search" type = "application/opensearchdescription+xml" href = "lib/exe/opensearch.html" title = "LemonLDAP::NG" / >
< link rel = "start" href = "passwordstore.html" / >
< link rel = "contents" href = "passwordstore.html" title = "Sitemap" / >
< link rel = "stylesheet" type = "text/css" href = "lib/exe/css.php.t.bootstrap3.css" / >
2017-02-07 17:35:26 +01:00
<!-- //if:usedebianlibs
< link rel = "stylesheet" type = "text/css" href = "/javascript/bootstrap/css/bootstrap.min.css" / >
//elsif:useexternallibs
< link rel = "stylesheet" type = "text/css" href = "https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" > < / script >
//elsif:cssminified
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.min.css" / >
//else -->
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.css" / >
<!-- //endif -->
2016-10-15 19:57:04 +02:00
< script type = "text/javascript" > / * < ! [ C D A T A [ * / v a r N S = ' d o c u m e n t a t i o n : 2 . 0 ' ; v a r J S I N F O = { " i d " : " d o c u m e n t a t i o n : 2 . 0 : p a s s w o r d s t o r e " , " n a m e s p a c e " : " d o c u m e n t a t i o n : 2 . 0 " } ;
/*!]]>*/< / script >
< script type = "text/javascript" charset = "utf-8" src = "lib/exe/js.php.t.bootstrap3.js" > < / script >
2017-02-07 17:35:26 +01:00
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery/jquery.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/jquery-2.2.0.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.js" > < / script >
<!-- //endif -->
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery-ui/jquery-ui.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/ui/1.10.4/jquery-ui.min.js" > < / script >
//elsif:jsminified
2018-03-08 13:29:31 +01:00
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.min.js" > < / script >
2017-02-07 17:35:26 +01:00
//else -->
2018-03-08 13:29:31 +01:00
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.js" > < / script >
2017-02-07 17:35:26 +01:00
<!-- //endif -->
2016-10-15 19:57:04 +02:00
< / head >
< body >
< div class = "dokuwiki export container" >
<!-- TOC START -->
< div id = "dw__toc" >
< h3 class = "toggle" > Table of Contents< / h3 >
< div >
< ul class = "toc" >
< li class = "level1" > < div class = "li" > < a href = "#presentation" > Presentation< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#configuration" > Configuration< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#usage" > Usage< / a > < / div > < / li >
< / ul >
< / div >
< / div >
<!-- TOC END -->
< h1 class = "sectionedit1" id = "store_user_password_in_session" > Store user password in session< / h1 >
< div class = "level1" >
< / div >
<!-- EDIT1 SECTION "Store user password in session" [1 - 46] -->
< h2 class = "sectionedit2" id = "presentation" > Presentation< / h2 >
< div class = "level2" >
< p >
Password is not a common attribute. Indeed, in most of the cases, it is not stored in clear text in the backend (LDAP or database).
< / p >
< p >
So, to keep user password in session, you cannot just export the password variable in session. To bypass this, < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > can remember what password was given by user on authentication phase.
< / p >
< div class = "noteimportant" > < ul >
< li class = "level1" > < div class = "li" > As this may be a security hole, password store in session is not activated by default< / div >
< / li >
< li class = "level1" > < div class = "li" > This mechanism can only work with authentication backends using a login/password form (< a href = "authldap.html" class = "wikilink1" title = "documentation:2.0:authldap" > LDAP< / a > , < a href = "authdbi.html" class = "wikilink1" title = "documentation:2.0:authdbi" > DBI< / a > , …)< / div >
< / li >
< / ul >
< / div >
< / div >
<!-- EDIT2 SECTION "Presentation" [47 - 642] -->
< h2 class = "sectionedit3" id = "configuration" > Configuration< / h2 >
< div class = "level2" >
< p >
Go in Manager, < code > General Parameters< / code > » < code > Sessions < / code > » < code > Store user password in session data< / code > and set to < code > On< / code > .
< / p >
< / div >
<!-- EDIT3 SECTION "Configuration" [643 - 787] -->
< h2 class = "sectionedit4" id = "usage" > Usage< / h2 >
< div class = "level2" >
< p >
User password is now available in < code > $_password< / code > variable. For example, to send it in an header:
< / p >
< pre class = "code" > Auth-Password => $_password< / pre >
< div class = "notetip" > For security reasons, the password is not shown in sessions explorer.
< / div >
< / div >
<!-- EDIT4 SECTION "Usage" [788 - ] --> < / div >
< / body >
< / html >