Drupal allows users to change theyr login names. So UID stays as is and name changes. This operation makes avaliable user and password with indifinete lifetime in access files.

Now administrator MUST use Requre group name construction instead of Require valid-user

Please do handle username change or use UID as secondary key.

Comments

m.fu’s picture

m.fu commented

You are correct, the htpasswd file is update with drupal content, not replaced, this is by design.
I will add an option to overwrite, this will effectively destroy unwanted users and provide the requested behaviour.

fasdalf@fasdalf.ru’s picture

fasdalf@fasdalf.ru commented

Please pay atention. Module's database table also contains obsolete users.

m.fu’s picture

m.fu commented

this behaviour is currently "by design" I need to keep track of disabled users when trying to synchronize with the file.
But I will implement some cleanup in the cron script.

m.fu’s picture

m.fu commented
Status: Active » Postponed
m.fu’s picture

m.fu commented
Status: Postponed » Fixed

the cron job does cleanup the htpasswdsync table of realy delete users, however you need to activate the htpasswd overwrite feature.
name change are now handled.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.