datasealer error messages
Cantor, Scott
cantor.2 at osu.edu
Fri Jan 29 18:30:52 UTC 2021
On 1/29/21, 1:12 PM, "users on behalf of Rene Paquin" <users-bounces at shibboleth.net on behalf of rpaquin at wlu.ca> wrote:
>
> We do save the passwords for MFA authentication.
That's not how any MFA method I know of works. Saving the password is something you do to replay it to some other system, such as if you wanted to log into a directory as the user instead of with a service account.
> In that case what is the impact?
They won't be there any time the data is reloaded from a prior result, the system just drops it on the floor when it serializes the result that contained a PasswordPrincipal.
This isn't something that you just don't notice. If you don't notice, you're not using it and you shouldn't have told it to even save the password in the first place. If you needed it, it wouldn't have been working all along.
-- Scott
More information about the users
mailing list