BUG: User doesn't REALLY log in with domain credentials
I had a new account created in our domain, and waited for 10-15 minutes to make sure it was propogated out.
I was unable to log in to ServiceDesk Plus using the username, password and specifying the domain. It appears there is no contact with the domain to see if it's a legitimate username.
I went in as an admin, and created by hand a requester with the name/password I had created.
I attempted to log in again as the user, and was able to get in, even though I specified the domain credentials.
Then, I got in as the admin again, and changed the password in ServiceDesk Plus for the requester account, or at least it said it was successful.
I logged out, and tried logging in with the new password, which it wouldn't let me do. But if I used the original domain password it would. Which seems to tell me that there's no communication between the domain and ServiceDesk Plus, as it pertains to logging in. That means a password is cached somewhere locally in mysql. I can only hope it's encrypted.
And the login page with the domain vs. local authentication doesn't seem to be correct in stating that.
So I would classify this as a 1 or more bugs.
I was unable to log in to ServiceDesk Plus using the username, password and specifying the domain. It appears there is no contact with the domain to see if it's a legitimate username.
I went in as an admin, and created by hand a requester with the name/password I had created.
I attempted to log in again as the user, and was able to get in, even though I specified the domain credentials.
Then, I got in as the admin again, and changed the password in ServiceDesk Plus for the requester account, or at least it said it was successful.
I logged out, and tried logging in with the new password, which it wouldn't let me do. But if I used the original domain password it would. Which seems to tell me that there's no communication between the domain and ServiceDesk Plus, as it pertains to logging in. That means a password is cached somewhere locally in mysql. I can only hope it's encrypted.
And the login page with the domain vs. local authentication doesn't seem to be correct in stating that.
So I would classify this as a 1 or more bugs.
