Opened 4 years ago

Last modified 4 years ago

#9326 assigned Bug/Something is broken

share.mayfirst.org not updating passwords?

Reported by: https://id.mayfirst.org/ross
Owned by: https://id.mayfirst.org/jamie
Priority: Urgent
Component: Tech
Keywords: share.mayfirst.org
Cc:
Sensitive: no

Description

Something seems to be wrong with how share.mayfirst.org is handling password re-construction. I currently can only authenticate in share with a password that was changed weeks ago and has been changed multiple times since then. I'm not sure why this is... I have flushed privileges on seso and restarted the login-service on hay, but the same old password continues to be validated for share.mayfirst.org.

The weird thing about this is that I started getting failure notices for my previously configured passwords on icedove. I cannot remember with certainty, but I believe I had updated my passwords in icedove, which leads me to believe that owncloud reverted to an earlier password (again, I do not remember for certain about this last part), but it was weird that I was getting password failures until I entered the old password.

~/ross

Change History (5)

comment:1 Changed 4 years ago by https://id.mayfirst.org/ross

  • Owner set to https://id.mayfirst.org/jamie
  • Status changed from new to assigned

comment:2 Changed 4 years ago by https://id.mayfirst.org/erq

Hi jamie, similar case for me. I can only access https://share.mayfirst.org with the initial password I used for the first time on this service, but not with the current one that is supposed to be valid.

comment:3 Changed 4 years ago by https://id.mayfirst.org/jamie

Hi all - the immediate problem is fixed: new passwords should properly work.

The reason for the failure was: whenever we re-create the special mysql hash functions (that allow a mysql user to test a password but not directly access the password table), we have to re-grant permission to those functions to the "login-service" user. That's the user our login service system uses, and share.mayfirst.org uses that service to authenticate users.

The reason you got strange behavior with old passwords may be because owncloud might check the built-in user table if our auth fails?

jamie
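
The failure mode described in comment:3, as an added example that is not from the ticket or May First's own code: dropping and re-creating a MySQL stored function discards the routine-level EXECUTE grants on it, so the grant has to be re-issued and is worth checking after every deploy. The database `authdb`, the table `users` and its columns, the function `check_password`, the SHA2 hashing and the `@'localhost'` host part are all assumptions made for illustration.

```sql
-- Hypothetical schema: authdb.users(username, salt, pw_hash) holds the hashes.
-- The service account gets no SELECT on that table, only EXECUTE on a
-- function that answers yes/no for a supplied password.

-- Re-creating the function: the DROP also removes its routine-level grants.
DROP FUNCTION IF EXISTS authdb.check_password;

DELIMITER //   -- mysql client directive, needed for the multi-statement body
CREATE FUNCTION authdb.check_password(p_user VARCHAR(64), p_pass VARCHAR(255))
RETURNS TINYINT
READS SQL DATA
SQL SECURITY DEFINER   -- runs with the definer's rights; caller needs no table access
BEGIN
  DECLARE ok TINYINT DEFAULT 0;
  SELECT COUNT(*) > 0 INTO ok
    FROM authdb.users
   WHERE username = p_user
     -- placeholder hashing; stands in for whatever scheme the real table uses
     AND pw_hash = SHA2(CONCAT(salt, p_pass), 256);
  RETURN ok;
END//
DELIMITER ;

-- The step that is easy to miss: re-grant after every re-create.
GRANT EXECUTE ON FUNCTION authdb.check_password TO 'login-service'@'localhost';

-- Post-deploy check: routine-level grants held by the service account.
-- No row for check_password here means every login through the service fails.
SELECT Db, Routine_name, Routine_type, Proc_priv
  FROM mysql.procs_priv
 WHERE User = 'login-service';

-- Same information in GRANT-statement form, plus any table-level privileges
-- the account should NOT have on authdb.users.
SHOW GRANTS FOR 'login-service'@'localhost';
```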

comment:4 Changed 4 years ago by https://id.mayfirst.org/jamie

Hm. It appears that the desktop sync client for owncloud uses the built-in mysql user table, and ignores any external authentication.

And, thanks to #8125, users can no longer update their password in the built-in mysql user table. So, if a user changes their control panel password, their desktop sync'ing will stop working with no way to fix that password :(.

comment:5 Changed 4 years ago by https://id.mayfirst.org/jamie
