[Moin-user] Windows Authentication weirdness

Hiers, Richard Richard.Hiers at covenantseminary.edu
Fri Feb 10 06:35:03 EST 2006

I'm experimenting with windows authentication since upgrading to moin
1.5.2 and it seems to work well for our intranet.  When I visit the wiki
in IE 6 I'm automatically logged on with my windows credentials.  With
firefox or safari I'm presented with a login box.  So far so good.  I
was curious how this type of authentication handled password changes.

Johndoe (password Password1) visits mywiki for first time in IE 6,
account is created automatically.  Subsequent visits to mywiki using
firefox accepts Password1 as Johndoe's password.

Johndoe changes his windows login password to Password2.  Visits mywiki
in IE 6.  Pages look fine.  But afterwards when visiting mywiki using
firefox, mywiki accepts BOTH Password1 and Password2.  I've changed
passwords 3 or 4 times and now all the passwords are accepted for this
account.  Mywiki won't accept just any old password, only those this
user has used in the past.

What accounts for this?  I notice that the user files in the moin
directory no longer have an encrypted password listed.  Where is moin
storing these passwords, and can the old ones be discarded?


Richard Hiers
Director of IT Services
Covenant Theological Seminary

More information about the Moin-user mailing list