On Mon, Sep 19, 2016 at 09:35:46AM +0200, Aurelien Bompard wrote:
I've thought about that over the weekend and I think we could
just disable
user signup by redirecting users to FAS. This way existing Persona users
could still request a password and login, but the bulk of new users would
just create accounts in FAS. Of course we would sill have a database with
passwords for some users, but since (to my knowledge) former Persona users
can't be migrated to FAS directly, I don't think we can avoid that.
For those who had nightmares for too long with the Mailman 2 plaintext
password storage and fear it's coming back, rest assured that the
passwords are hashed and salted by Django. There may even be pepper and
garlic.
Thoughts, suggestions?
Hi Aurélien,
Thanks for the heads-up, I was wondering, do you have some order of magnitude of
how many accounts we're talking about?
Could it be possible to check how many of these people have a FAS account with
the same email? (I know I logged in on HK w/ persona a while back and I was
using the same email as is attached to my FAS account, for example).
Just to have some ideas :)
Thanks,
Pierre