View Issue Details

IDProjectCategoryView StatusLast Update
0004334unrealircdpublic2015-05-23 15:12
Reportersyzop Assigned Tosyzop  
Status resolvedResolutionfixed 
Target Version3.4-alpha2Fixed in Version3.4-alpha3 
Summary0004334: make auth-type optional for password
DescriptionI have not fully checked but I think it should be possible to see what the auth-type is without the user specifying an explicit auth-type. We can do this based on size and some other factors. So...

password <password> { <auth-type>; };

password <password>;

Making auth-type optional.

Note that auth-type will NOT actually be REMOVED. You would still need it for sslclientcert and such, it's just for hashed passwords that you no longer need it. Also, you can still force an explicit auth type for backward compatibility.
TagsNo tags attached.
3rd party modules



2014-10-28 04:57

reporter   ~0018267

Even though it'd be fairly difficult to randomly specify a password that matches an existing auth-type, it still may happen and cause confusion.

Additionally, when (if) we allow modules to add auth-types, will they be able to add an auto-detect type?


2014-11-05 16:47

administrator   ~0018275

I'll take that into account, Stealth. You're right, if it's too unsafe we shouldn't do it. This bug is basically both about investigating it & doing it if it's ok.

As for module auth types, I guess we'll cross that bridge when... :D


2015-05-23 15:11

administrator   ~0018329

Added in 3.4-alpha3:

Issue History

Date Modified Username Field Change
2014-10-25 09:32 syzop New Issue
2014-10-28 04:57 Stealth Note Added: 0018267
2014-11-05 16:47 syzop Note Added: 0018275
2015-05-23 15:11 syzop Note Added: 0018329
2015-05-23 15:11 syzop Status new => resolved
2015-05-23 15:11 syzop Fixed in Version => 3.4-alpha3
2015-05-23 15:11 syzop Resolution open => fixed
2015-05-23 15:11 syzop Assigned To => syzop