
Re: Forgotten password recovery



Hallvard B Furuseth wrote:
> Duh, I seem to be tired - I forgot you didn't want that privileged
> user, I focused on the "password works only once" part.
> 
> Well.  _Something_ needs permission to create a temporary password.
> Presumably without removing the old one, otherwise anyone can sabotage
> anyone's password.  Which probably kills the ppolicy idea since that
> gets confused by multiple passwords.
> Maybe you could have a separate database or two with passwords, merged
> to the main one with the translucent overlay...  Then the Drupal DN
> would at least play with its own database and not mess with the main
> database.

This password reset ticket database could be another part of the DIT. A
regex-based ACL could implement password write access for the original
user entry (e.g. based on same naming scheme). Also don't forget to
clean up password reset tickets not used.

Ciao, Michael.
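
The regex-based ACL idea from the reply above, sketched as an added slapd.conf fragment (not part of the original message). The suffix `dc=example,dc=com`, the `ou=people` and `ou=pwreset` containers, the `uid=` naming scheme and the `cn=ticket-issuer` DN are all assumptions made for illustration.

```conf
# Added example, constructed for illustration. Assumed layout:
#   users:   uid=<name>,ou=people,dc=example,dc=com
#   tickets: uid=<name>,ou=pwreset,dc=example,dc=com   (same naming scheme)
#   issuer:  cn=ticket-issuer,dc=example,dc=com        (hypothetical DN of the
#            application that creates tickets, e.g. the web front end)

# 1. A ticket's own password can only be used to bind. Only the issuer
#    may set it; nobody can read it back.
access to dn.regex="^uid=[^,]+,ou=pwreset,dc=example,dc=com$" attrs=userPassword
    by dn.exact="cn=ticket-issuer,dc=example,dc=com" =w
    by anonymous auth
    by * none

# 2. The issuer may create and delete ticket entries, and nothing else
#    in the tree. It gets no access to ou=people.
access to dn.subtree="ou=pwreset,dc=example,dc=com"
    by dn.exact="cn=ticket-issuer,dc=example,dc=com" write
    by * none

# 3. The regex captures the user's uid as $1; the "expand" modifier
#    substitutes it into the ticket DN, so a ticket can write the password
#    of the one user entry with the same uid. "=w" grants write without
#    read, so the ticket cannot fetch the existing hash.
access to dn.regex="^uid=([^,]+),ou=people,dc=example,dc=com$" attrs=userPassword
    by self write
    by dn.exact,expand="uid=$1,ou=pwreset,dc=example,dc=com" =w
    by anonymous auth
    by * none
```

These rules do not expire anything: a ticket entry stays valid until it is deleted, so removing used and stale tickets remains a separate job.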