How do I prevent Moodle from saving passwords if using LDAP Authentication

How do I prevent Moodle from saving passwords if using LDAP Authentication

by Ike Tylor -
Number of replies: 6

One thing I would like to make sure of is that Moodle 2.8.1 is not saving passwords in the moodle database.

There is some confusion in the documentation regarding this.

 

The instructions say this:

Hide passwords As you don't want to store the users's password in Moodle's database, choose Yes here.

 

But the config page says this.

 

Cache passwords Select yes to prevent passwords from being stored in Moodle's DB.

 

It kind of seems backwards. I would think caching the passwords is putting it in the moddle db.


Average of ratings: -
In reply to Ike Tylor

Re: How do I prevent Moodle from saving passwords if using LDAP Authentication

by Colin Fraser -
Picture of Documentation writers Picture of Testers

mmm I suspect this is one of those discussions where a Moodle Dev or Document Writer, uses language one way and we interpret it another. This is annoying when I run across it, so tend to fix it. It also depends on how you interpret "Cache". The cache for Moodle is a temporary storage on the User's computer, and I have always interpreted that as being with a cookie, not in the database. I may be wrong here, but that is how I have looked at it, So no, either way, the passwords do not get stored in the database. Of course, you could always test that.   

Average of ratings: -
In reply to Colin Fraser

Re: How do I prevent Moodle from saving passwords if using LDAP Authentication

by Visvanath Ratnaweera -
Picture of Particularly helpful Moodlers Picture of Translators
Colin

Your intepretation is going to clash with the Moodle's interpretation(s): https://moodle.org/mod/glossary/showentry.php?eid=7265&displayformat=dictionary and https://docs.moodle.org/28/en/Cache.
Average of ratings: -
In reply to Visvanath Ratnaweera

Re: How do I prevent Moodle from saving passwords if using LDAP Authentication

by Colin Fraser -
Picture of Documentation writers Picture of Testers

Wouldn't be the first time Visvanath,...smile But looking at Helen's comment below, that makes it clear. 

I have never claimed to be any sort of technical wiz on how these machines work, but I would really like to know how the language is used by ordinary people like me and how it is mangled by experts.... 

Average of ratings: -
In reply to Ike Tylor

Re: How do I prevent Moodle from saving passwords if using LDAP Authentication

by Ken Task -
Picture of Particularly helpful Moodlers

Time for a little mysql query, me thinks:

Check your settings regarding this so you know how it's set and without changing any current config of Moodle run this query on the DB for your Moodle:

select auth,password from `mdl_user` where (`auth` like "ldap")

Then, change settings to where you think passwords would be stored in the DB.  Run the query again.

You will have to login as a user known to have settings to authenticate via LDAP.

Yes, the phrasing is 'confusing', but this is a way to assure yourself that passwords are not stored in the DB and that you have it configured to your taste.

'spirit of sharing', Ken

Average of ratings: -
In reply to Ken Task

Re: How do I prevent Moodle from saving passwords if using LDAP Authentication

by Ike Tylor -

Thank you both very much!


Average of ratings: -
In reply to Ike Tylor

Re: How do I prevent Moodle from saving passwords if using LDAP Authentication

by Helen Foster -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators

Thanks Ken for explaining how to test whether passwords are saved or not.

Apologies for the misleading documentation and setting name in Moodle. The LDAP setting was actually recently changed from 'Hide passwords' to 'Cache passwords' by mistake, rather than 'Don't cache passwords'. It's now correct in the documentation LDAP authentication and will be correct in the releases due out on 12 January 2015.

Average of ratings: -