Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing total entropy and allowing easier brute force
r=LpSolit,a=sgreen

Bug 917669 - invalid or expired authentication tokens and cookies should throw errors, not be silently ignored
r/a=glob

r=glob,a=sgreen

Bug 785283 - Support increased values for PASSWORD_SALT_LENGTH without breaking compat with old hashes
[r=LpSolit a=LpSolit]

r/a=LpSolit

r/a=LpSolit

r=wicked a=LpSolit

r/a=LpSolit

Bug 680131: Replace the MPL 1.1 license by the MPL 2.0 one in all files, and add it to files which miss one
r=kiko r=mkanat r=mrbball a=LpSolit

Make Login/Stack.pm refuse to continue down the stack if an Auth method returns an explicit failure. r=dkl, a=mkanat.

https://bugzilla.mozilla.org/show_bug.cgi?id=698423

r/a=mkanat

r=mkanat, a=mkanat

r/a=mkanat

Bug 575947: Users with passwords length less than 6 characters can't login after migration from 3.4.x or older to 3.6 or newer
r/a=mkanat

MS-SQL and SQLite support.

r=dkl, a=mkanat

provide login credentials on a LOGIN_REQUIRED page. (Before this, it was
attempting to display the HTML login page to JSON-RPC clients.)
r=dkl, a=mkanat

During the CVS imports into Bzr, there were some inconsistencies introduced
(mostly that files that were deleted in CVS weren't being deleted in Bzr).
So this checkin makes the bzr repo actually consistent with the CVS repo,
including fixing permissions of files.

Bug 467992: Login fails if the user's LDAP account is denied search in LDAP - Patch by Adam Batkin <adam@batkin.net> r/a=mkanat

Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat

Bug 385606: Logincookies are recreated at each HTTP request when using the 'Env' auth method - Patch by FrÃdÃric Buclin <LpSolit@gmail.com> r/a=mkanat

Bug 355283: Lock out a user account on a particular IP for 30 minutes if they fail to log in 5 times from that IP.
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit

Patch by Max Kanat-Alexander <mkanat@bugzilla.org> (module owner) a=mkanat

Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat

Bug 399073: Remove the 'loginnetmask' parameter - Patch by FrÃdÃric Buclin <LpSolit@gmail.com> r/a=mkanat

Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat

Bug 488467: Verify and Login auth methods were being called in a random order, causing sudo sessions to frequently not need the user to re-enter their password.
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit

Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit

Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat

Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit

Patch by David Lawrence <dkl@redhat.com> = r/a=LpSolit

Bug 460770: Incorrect regexp when parsing the list of LDAP servers - Patch by FrÃdÃric Buclin <LpSolit@gmail.com> r/a=mkanat

Patch by David Lawrence <dkl@redhat.com> - a/r=mkanat

Bug 449984: Login cookies should be created as SSL-only on installations that require SSL - Patch by FrÃdÃric Buclin <LpSolit@gmail.com> r/a=mkanat

doesn't protect WebService calls at all
Patch by David Lawrence <dkl@redhat.com> - r/a=LpSolit/mkanat

Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat

in the respective bug reports.

Bug 428659 – Setting SSL param to 'authenticated sessions' only
protects logins and param doesn't protect WebService calls at all
Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat

Bug 445104: ssl redirects come with a 200 OK HTTP code on mod_perl
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat

Bug 428659 – Setting SSL param to 'authenticated sessions' only protects logins and param doesn't protect WebService calls at all
Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat