[TYPO3-v4] Enabling saltedpasswords and rsaauth by default

[Steffen Gebert]

Hi Helmut,

> I talked to Xavier at the T3CTM and he was fine enabling saltedpasswords
> and rsaauth by default before feature freeze of 4.6. and implementing
> checks if both are working properly until the final release.

I think we're all in favor of this :)

I think, the biggest blocker was the limited possibility of pre-install 
checks. So whether the environment allows to use rsaauth or not etc.
Dunno, if improving this is already covered in the Install Tool 
refactorings.

> I'm now wondering what would be the best for enabling the extensions.
>
> The easiest would be to just add them to the extlist in localconf.php
> but this file is not in the repository, is it? Is this part of the
> packaging script?
But then, the user might not be able to login, if openssl is not 
available. Maybe saltedpasswords hooks itself (like DBAL) into the 1-2-3 
wizard and (de)activates itself, if prerequisites are (not) met?

localconf.php is part of the distributions repositories, e.g. here:
http://git.typo3.org/TYPO3v4/Distributions/Blank.git?a=tree;f=Resources/typo3conf;h=d5206169e5bde7a4a5c20f9b73627d16e56675f6;hb=HEAD

> The alternative would be to install the extensions at some point during
> the install process using the extension manager API, but this would be a
> bit more complicated.
Yes, for sure. Nevertheless, I think that's the way to go, in order to 
avoid too many frustrated users.

For existing sites, we could also add an Upgrade Wizard, which at least 
strongly advices users to install saltedpasswords.

Kind regards
Steffen

-- 
Steffen Gebert
TYPO3 v4 Core Team Member
TYPO3 Server Administration Team Member

TYPO3 .... inspiring people to share!
Get involved: http://typo3.org