On Mon, Sep 19, 2016 at 09:35:46AM +0200, Aurelien Bompard wrote: > I've thought about that over the weekend and I think we could just disable > user signup by redirecting users to FAS. This way existing Persona users > could still request a password and login, but the bulk of new users would > just create accounts in FAS. Of course we would sill have a database with > passwords for some users, but since (to my knowledge) former Persona users > can't be migrated to FAS directly, I don't think we can avoid that. > For those who had nightmares for too long with the Mailman 2 plaintext > password storage and fear it's coming back, rest assured that the > passwords are hashed and salted by Django. There may even be pepper and > garlic. > Thoughts, suggestions? Hi Aurélien, Thanks for the heads-up, I was wondering, do you have some order of magnitude of how many accounts we're talking about? Could it be possible to check how many of these people have a FAS account with the same email? (I know I logged in on HK w/ persona a while back and I was using the same email as is attached to my FAS account, for example). Just to have some ideas :) Thanks, Pierre _______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
