Skip to content

5.3.0

Compare
Choose a tag to compare
@NGPixel NGPixel released this 16 Mar 22:45
· 11398 commits to main since this release

Summary: Django Authentication replaces Basic HTTP Auth
Release Date: Sat, April 12, 2014 at 6:14 PM UTC
Release Author: Henrik Levkowetz


This release changes user authentication for the datatracker from basic http
auth to Django's built-in authentication. This has the advantage of making it
possible to log out, and log in as a different user, which can be useful,
and it also changes the password hash storage for each user to a much stronger
hash scheme, upon his or her first successful login after the deployment.

The email-verification roundtrip which is required to create a new login, or
change the password of an existing login, is retained.

For the large majority of users, who either didn't have a password hash in
the database before the transition to the Python/Django based database
frontend on 16 July 2010, or had a password hash in the database, but have
updated their password after 3 July 2012, there should be no impact.
Password hashes have been imported as needed from the http auth password
hash file. The few who had a password hash in the system before 16 July
2010, and haven't updated their password since 3 July 2012 are encouraged to
set a new password using the password reset form at
https://datatracker.ietf.org/accounts/reset/ .
If there are issues which prevent a password reset, please email
henrik@tools.ietf.org for assistance.