[TASK] Add note on modified authentication services to NEWS.txt

Change-Id: I553031b98e47371120e6c25b0427a6318d016b42
Resolves: #32864
Related: #30271
Reviewed-on: http://review.typo3.org/7830
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

NEWS.txt

@@ -60,7 +60,27 @@ Other General Improvements
 Security
 -------------------------------------------------------------------------------
 
-...
+Authentication Services
+-------------------------------------------------------------------------------
+
+With this version the authentication chain has been cleaned up so that third
+party authentication services can benefit from RSA encrypted login without the
+need of decrypting the submitted password in their own code. The extension
+rsaauth will now decrypt the password and provide the decrypted version for
+other services.
+So external authentication services can access the clear text password always
+through $this->loginData['uident_text'], no matter if the password has been
+transmitted as plain text during the login or rsaauth has decrypted it.
+
+Due to major changes in the login service of rsaauth, all extensions which
+use XCLASS to extend that class, most likely will fail, whereas other extension
+which make proper use of the public API of the rsaauth extensions will continue
+working without any problem.
+In any case, it is recommended to adjust external authentication services to
+benefit from the changes.
+
+See new chapter in TYPO3 services documentation (doc_core_services) about the
+topic of authentication services: http://forge.typo3.org/issues/31413
 
 -------------------------------------------------------------------------------
 Backend