[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Forgotten password recovery



Duh, I seem to be tired - I forgot you didn't want that privileged
user, I focused on the "password works only once" part.

Well.  _Something_ needs permission to create a temporary password.
Presumably without removing the old one, otherwise anyone can sabotage
anyone's password.  Which probably kills the ppolicy idea since that
gets confused by multiple passwords.

Maybe you could have a separate database or two with passwords, merged
to the main one with the translucent overlay...  Then the Drupal DN
would at least play with its own database and not mess with the main
database.

Another way would be to require clients to use SASL instead of Simple
Bind.  Then you can defer the problem to maintaining a SASL database
of temporary password.

Just loose ideas, I'm not going to try harder to make sense now...

-- 
Hallvard