Bug #25375

Extension rsaauth 1.3.0 missing dependency for openssl

Added by Daniel Mueller about 8 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Authentication
Target version:
-
Start date:
2011-03-23
Due date:
% Done:

0%

TYPO3 Version:
4.4
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

rsaauth needs to be able to execute openssl and must be able to call the functions openssl_pkey_new and openssl_pkey_export as is tested within the functions withtin the extension.

However, it does not say "openssl required" nor does it throw an error, when openssl is not accessible.

Deny PHP access to exec('openssl…
Either Passwords will be unencrypted or you will not be able to login as a frontend user, once you have activated loginSecurityLevel=rsa for frontend users.

(issue imported from #M18013)

History

#1 Updated by Steffen Gebert about 8 years ago

Hi Daniel,

saltedpasswords ships with checks, whether it's possible with the environment to use it. These checks show you red or green messages after installing in the Extension Manager.

There's also no dependency on the PHP module openssl, as it also works with the command line of openssl.

If none of this prerequisites is met, it shows you warnings that saltedpasswords will not work.

Do you think this is not sufficient or is it not the way I describe?

Using rsaauth standalone IMHO makes no sense. IIRC it also doesn't tell you, what options you have to change to modify the login process (which will result in failing logins without openssl).

#2 Updated by Susanne Moog almost 8 years ago

  • Status changed from Needs Feedback to Closed
  • Target version deleted (0)

Closing this issue because of no feedback within more than a month.

#3 Updated by Steffen Gebert over 7 years ago

  • Category set to Authentication

Also available in: Atom PDF