MediaWiki stores passwords in the local database under a number of circumstances. Auth plugins were taking steps to avoid this, but there's a number of ways in which core makes it impossible.
AuthPlugin should have a method that tells core whether it should or should not store the password locally.
Version: 1.19.1
Severity: normal