@@ -64,11 +64,19 @@ ietfdb (5.3.0) ietf; urgency=medium
6464 hash scheme, upon his or her first successful login after the deployment.
6565
6666 The email-verification roundtrip which is required to create a new login, or
67- change the password of an existing login, is retained. For the time being,
68- creating an account and updating a password will also be reflected in the
69- htpasswd file which was used for authentication previously; however, since
70- this cancels the advantage of stronger password hashing which django's built-in
71- authentication provides, it should be phased out as soon as possible.
67+ change the password of an existing login, is retained.
68+
69+ For the large majority of users, who either didn't have a password hash in
70+ the database before the transition to the Python/Django based database
71+ frontend on 16 July 2010, or had a password hash in the database, but have
72+ updated their password after 3 July 2012, there should be no impact.
73+ Password hashes have been imported as needed from the http auth password
74+ hash file. The few who had a password hash in the system before 16 July
75+ 2010, and haven't updated their password since 3 July 2012 are encouraged to
76+ set a new password using the password reset form at
77+ https://datatracker.ietf.org/accounts/reset/ .
78+ If there are issues which prevent a password reset, please email
79+ henrik@tools.ietf.org for assistance.
7280
7381 -- Henrik Levkowetz <henrik@levkowetz.com> 12 Apr 2014 20:14:17 +0200
7482
0 commit comments