79 lines
2.7 KiB
HTML
79 lines
2.7 KiB
HTML
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
|
|
lang="en" dir="ltr">
|
|
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<title></title>
|
|
<!-- metadata -->
|
|
<meta name="generator" content="Offline" />
|
|
<meta name="version" content="Offline 0.1" />
|
|
<!-- style sheet links -->
|
|
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
|
|
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
|
|
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
|
|
|
|
</head>
|
|
<body>
|
|
<div class="dokuwiki export">
|
|
|
|
|
|
<h1 class="sectionedit1" id="store_user_password_in_session">Store user password in session</h1>
|
|
<div class="level1">
|
|
|
|
</div>
|
|
<!-- EDIT1 SECTION "Store user password in session" [1-46] -->
|
|
<h2 class="sectionedit2" id="presentation">Presentation</h2>
|
|
<div class="level2">
|
|
|
|
<p>
|
|
Password is not a common attribute. Indeed, in most of the cases, it is not stored in clear text in the backend (LDAP or database).
|
|
</p>
|
|
|
|
<p>
|
|
So, to keep user password in session, you cannot just export the password variable in session. To bypass this, <abbr title="LemonLDAP::NG">LL::NG</abbr> can remember what password was given by user on authentication phase.
|
|
</p>
|
|
|
|
<p>
|
|
<p><div class="noteimportant">
|
|
</p>
|
|
<ul>
|
|
<li class="level1"><div class="li"> As this may be a security hole, password store in session is not activated by default</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> This mechanism can only work with authentication backends using a login/password form (<a href="../../documentation/2.0/authldap.html" class="wikilink1" title="documentation:2.0:authldap">LDAP</a>, <a href="../../documentation/2.0/authdbi.html" class="wikilink1" title="documentation:2.0:authdbi">DBI</a>, …)</div>
|
|
</li>
|
|
</ul>
|
|
|
|
<p>
|
|
|
|
</div></p>
|
|
</p>
|
|
|
|
</div>
|
|
<!-- EDIT2 SECTION "Presentation" [47-642] -->
|
|
<h2 class="sectionedit3" id="configuration">Configuration</h2>
|
|
<div class="level2">
|
|
|
|
<p>
|
|
Go in Manager, <code>General Parameters</code> » <code>Sessions </code> » <code>Store user password in session data</code> and set to <code>On</code>.
|
|
</p>
|
|
|
|
</div>
|
|
<!-- EDIT3 SECTION "Configuration" [643-787] -->
|
|
<h2 class="sectionedit4" id="usage">Usage</h2>
|
|
<div class="level2">
|
|
|
|
<p>
|
|
User password is now available in <code>$_password</code> variable. For example, to send it in an header:
|
|
</p>
|
|
<pre class="code">Auth-Password => $_password</pre>
|
|
|
|
<p>
|
|
<p><div class="notetip">For security reasons, the password is not shown in sessions explorer.
|
|
</div></p>
|
|
</p>
|
|
|
|
</div>
|
|
</div><!-- closes <div class="dokuwiki export">--> |