From 6a4e7c72fc964808d3338a1355b891c8361edca3 Mon Sep 17 00:00:00 2001 From: Morris Jobke Date: Tue, 27 Nov 2018 11:25:06 +0100 Subject: [PATCH] Document behaviour of device-specific passwords on password change Signed-off-by: Morris Jobke --- user_manual/session_management.rst | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/user_manual/session_management.rst b/user_manual/session_management.rst index 3bded1b38..caa88ada1 100644 --- a/user_manual/session_management.rst +++ b/user_manual/session_management.rst @@ -44,3 +44,24 @@ those individually if necessary. .. note:: If you are :doc:`user_2fa` for your account, device-specific passwords are the only way to configure clients. The client will deny connections of clients using your login password then. + +Device-specific passwords and password changes +---------------------------------------------- + +The behaviour of device-specific passwords during changes of the main password +changed in different versions of Nextcloud. + +Up to Nextcloud 13 + Device-specific passwords are removed on password change and also are + removed once they are not valid anymore if an external user backend is + used. + +Nextcloud 14 + For local user backend the device-specific passwords are updated properly + and continue to work. For external user backends (like LDAP/AD) the + device-specific passwords are still removed. + +Starting with Nextcloud 15 + For password changes in external user backends the device-specific passwords + are marked as invalid and once a login of the user account with the main + password happens all device-specific passwords are updated and work again.