Right now auth_key_sha256 should be sha256 for both username and password; I suggest splitting the 2.
I don’t integrate tools into LDAP configs to keep failures isolated.
This means I have to do (and want to do) user (and password) management within RoR itself.
However, I would like people to be able to choose their own passwords.
So I would like to see a new auth_key option like auth_key_sha256_passwordonly that has the username as clear text and the password as a sha256 hash.
This way I have full control over the username, but people can send me a sha256 hash of their password.
This way I can manage usernames and passwords completely from RoR but I still wouldn’t know my users’ passwords.
With the current auth_key_sha256, theoretically people could send me a sha256 hash with a different username than I intended for them.
This would make for a safer configuration as the administrator doesn’t need to know the user’s password at all.
Have 2 options:
sha hash containing username and password
sha hash containing only the password for a user.
Let’s do this?
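
An added illustration, not part of the original post and not ReadonlyREST code: a small Python model of the two schemes the post contrasts, showing why a combined hash cannot be tied to the username the administrator intended. It assumes the combined hash is taken over the string "username:password"; the function names and sample credentials are constructed for the example.

```python
import hashlib
import hmac


def sha256_hex(text):
    """Hex SHA-256 of a UTF-8 string."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def check_combined(stored_hash, username, password):
    # Current scheme as the post describes it: one hash covers both fields.
    # Assumption: the hashed string is "username:password".
    candidate = sha256_hex(f"{username}:{password}")
    return hmac.compare_digest(stored_hash, candidate)


def check_password_only(stored_username, stored_pw_hash, username, password):
    # Proposed scheme: the admin stores the username in clear text and only
    # the password arrives as a hash, so the username is under admin control.
    name_ok = hmac.compare_digest(stored_username.encode(), username.encode())
    hash_ok = hmac.compare_digest(stored_pw_hash, sha256_hex(password))
    return name_ok and hash_ok


def demo():
    # Constructed sample values: the admin intends the account to be "alice".
    intended = "alice"
    password = "s3cret-pass"
    # The user sends a combined hash built with a name the admin did not pick.
    # The admin sees only 64 hex characters and cannot read the name back out.
    submitted_combined = sha256_hex(f"admin2:{password}")
    submitted_pw_only = sha256_hex(password)
    return {
        "combined_as_intended": check_combined(submitted_combined, intended, password),
        "combined_as_other": check_combined(submitted_combined, "admin2", password),
        "pwonly_as_intended": check_password_only(
            intended, submitted_pw_only, intended, password),
        "pwonly_as_other": check_password_only(
            intended, submitted_pw_only, "admin2", password),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {accepted}")
```
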