[IMP] auth_crypt: auto-install, improve description, bump version

The compatibility issue with auth_ldap has been
fixed and the default key derivation function
switched to PKDF2+SHA512. `auth_signup` provides
a password reset mechanism that can be used in
combination with `auth_crypt`.

diff --git a/addons/auth_crypt/__openerp__.py b/addons/auth_crypt/__openerp__.py
index 38aea3f..b786840 100644 (file)
--- a/addons/auth_crypt/__openerp__.py
+++ b/addons/auth_crypt/__openerp__.py
@@ -1,8 +1,8 @@
 # -*- encoding: utf-8 -*-
 ##############################################################################
 #
-#    OpenERP, Open Source Management Solution
-#    Copyright (C) 2004-2009 Tiny SPRL (<http://tiny.be>).
+#    Odoo, Open Source Management Solution
+#    Copyright (C) 2004-2014 OpenERP S.A. (<http://odoo.com>).
 #
 #    This program is free software: you can redistribute it and/or modify
 #    it under the terms of the GNU Affero General Public License as
@@ -20,23 +20,41 @@
 ##############################################################################
 {
     'name': 'Password Encryption',
-    'version': '1.1',
+    'version': '2.0',
     'author': ['OpenERP SA', 'FS3'],
     'maintainer': 'OpenERP SA',
     'website': 'https://www.odoo.com',
     'category': 'Tools',
     'description': """
-Ecrypted passwords
-==================
+Encrypted passwords
+===================
+
+Replaces the default password storage with a strong cryptographic
+hash.
+
+The key derivation function currently used is RSA Security LLC's
+industry-standard ``PKDF2``, in combination with ``SHA512``.
+This includes salting and key stretching with several thousands
+rounds.
+
+All passwords are encrypted as soon as the module is installed.
+This may take a few minutes if there are thousands of users.
+
+Past versions of encrypted passwords will be automatically upgraded
+to the current scheme whenever a user authenticates
+(``auth_crypt`` was previously using the weaker ``md5crypt`` key
+derivation function).
+
+Note: Installing this module permanently prevents user password
+recovery and cannot be undone. It is thus recommended to enable
+some password reset mechanism for users, such as the one provided
+by the ``auth_signup`` module (signup for new users does not
+necessarily have to be enabled).
 
-Interaction with LDAP authentication:
--------------------------------------
-This module is currently not compatible with the ``user_ldap`` module and
-will disable LDAP authentication completely if installed at the same time.
 """,
     'depends': ['base'],
     'data': [],
-    'auto_install': False,
+    'auto_install': True,
     'installable': True,
 }