From b4137577a784d9ca3da6e9a099cb4dc8ccd38882 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Tue, 17 Jan 2012 15:48:41 +0100
Subject: [PATCH] [TASK] Add note on modified authentication services to
 NEWS.txt

Change-Id: I553031b98e47371120e6c25b0427a6318d016b42
Resolves: #32864
Related: #30271
Reviewed-on: http://review.typo3.org/7830
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
---
 NEWS.txt | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/NEWS.txt b/NEWS.txt
index 49a4f3ee5ca1..231109105d81 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -60,7 +60,27 @@ Other General Improvements
 Security
 -------------------------------------------------------------------------------
 
-...
+Authentication Services
+-------------------------------------------------------------------------------
+
+With this version the authentication chain has been cleaned up so that third
+party authentication services can benefit from RSA encrypted login without the
+need of decrypting the submitted password in their own code. The extension
+rsaauth will now decrypt the password and provide the decrypted version for
+other services.
+So external authentication services can access the clear text password always
+through $this->loginData['uident_text'], no matter if the password has been
+transmitted as plain text during the login or rsaauth has decrypted it.
+
+Due to major changes in the login service of rsaauth, all extensions which
+use XCLASS to extend that class, most likely will fail, whereas other extension
+which make proper use of the public API of the rsaauth extensions will continue
+working without any problem.
+In any case, it is recommended to adjust external authentication services to
+benefit from the changes.
+
+See new chapter in TYPO3 services documentation (doc_core_services) about the
+topic of authentication services: http://forge.typo3.org/issues/31413
 
 -------------------------------------------------------------------------------
 Backend
-- 
GitLab