cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rene Moser <m...@renemoser.net>
Subject Authentication with old LDAP passwords
Date Mon, 26 Oct 2015 14:30:47 GMT
ACS 4.5.1

Hi

We discovered an issue which can be security relevant and may also exist
in 4.6.

We use LDAP for user authentication, once a user is authenticated, it
seems this password will be cached on cloudstack management.

If the password has been changed on LDAP, the old password(s) still
works for authentication unless you restart the management server.

We didn't find a global setting related to this. Is this wanted?

Otherwise I would create a bug report.

Yours
René




Mime
View raw message