From: Petr Skoda <skodak@moodle.org>
Date: Tue, 17 Nov 2009 16:45:57 +0000 (+0000)
Subject: MDL-18006 MDL-18807 MDL-20853 tried to explain that admin must copy old main solat... 
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=99fd6ddec382ec34bea244960531177606d074f3;p=moodle.git

MDL-18006 MDL-18807 MDL-20853 tried to explain that admin must copy old main solat to alternative salt list, otherwise all passwords with old salt are invalidated
---

diff --git a/lang/en_utf8/report_security.php b/lang/en_utf8/report_security.php
index ce0887b88c..5acd90fbf6 100644
--- a/lang/en_utf8/report_security.php
+++ b/lang/en_utf8/report_security.php
@@ -123,7 +123,9 @@ $string['check_passwordsaltmain_name'] = 'Password salt';
 $string['check_passwordsaltmain_warning'] = 'No password salt has been set';
 $string['check_passwordsaltmain_ok'] = 'Password salt is OK';
 $string['check_passwordsaltmain_weak'] = 'Password salt is weak';
-$string['check_passwordsaltmain_details'] = '<p>It is strongly recommended that a password salt is set as it greatly reduces the risk of password theft.<br />To set a password salt add the following to your config.php file.</p><code>\$CFG->passwordsaltmain = \'a_very_long_random_string_of_characters#@6&*1\';</code><p>The random string of characters should be a mix of letters, numbers and other characters.</p>';
+$string['check_passwordsaltmain_details'] = '<p>It is strongly recommended that a password salt is set as it greatly reduces the risk of password theft.<br />To set a password salt add the following to your config.php file.</p><code>\$CFG->passwordsaltmain = \'a_very_long_random_string_of_characters#@6&*1\';</code>
+<p>The random string of characters should be a mix of letters, numbers and other characters.</p>
+<p>When changing main salt make sure that you include the old value in config.php, there may be 20 alternative salts. Without the old value in alternative salts list users will not be able to login and will have to use password reset.<br /><code>\$CFG->passwordsaltalt1 = \'previous_main_salt\';</code><br /></p>';
 
 $string['check_riskadmin_detailsok'] = '<p>Please verify the following list of system administrators:</p>$a';
 $string['check_riskadmin_detailswarning'] = '<p>Please verify the following list of system administrators:</p>$a->admins