[SAC] [OSGeo] #2048: [wordpress] Install OpenID plugin
OSGeo
trac_osgeo at osgeo.org
Mon Dec 11 06:27:13 PST 2017
#2048: [wordpress] Install OpenID plugin
---------------------+-----------------------
Reporter: strk | Owner: robe
Type: task | Status: assigned
Priority: normal | Milestone:
Component: WebSite | Resolution:
Keywords: |
---------------------+-----------------------
Comment (by strk):
What created your account ? OpenID or wp-auth ?
What we want it:
- Users can only login as long as a LDAP entry exists
- OpenID can be accepted IFF the user logged in once
via LDAP and specified an OpenID URI.
Now I see this leaves open the possibility for an attacker
to obtain a LDAP account, register an OpenID URI and
survive removal of the account from LDAP, so I guess the
OpenID login we don't really want to enable.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2048#comment:9>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
More information about the Sac
mailing list