[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Forgotten password recovery

To: Vincent Panel <yohonet@gmail.com>
Subject: Re: Forgotten password recovery
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Tue, 3 Feb 2009 19:04:12 +0100
Cc: openldap-technical@openldap.org
In-reply-to: <hbf.20090203k684@bombur.uio.no>
References: <15116fd10902030816n7691b51bjb8a3fefd43d5f6bd@mail.gmail.com> <hbf.20090203k684@bombur.uio.no>

Duh, I seem to be tired - I forgot you didn't want that privileged
user, I focused on the "password works only once" part.

Well.  _Something_ needs permission to create a temporary password.
Presumably without removing the old one, otherwise anyone can sabotage
anyone's password.  Which probably kills the ppolicy idea since that
gets confused by multiple passwords.

Maybe you could have a separate database or two with passwords, merged
to the main one with the translucent overlay...  Then the Drupal DN
would at least play with its own database and not mess with the main
database.

Another way would be to require clients to use SASL instead of Simple
Bind.  Then you can defer the problem to maintaining a SASL database
of temporary password.

Just loose ideas, I'm not going to try harder to make sense now...

-- 
Hallvard

Follow-Ups:
- Re: Forgotten password recovery
  - From: Michael Ströder <michael@stroeder.com>

References:
- Forgotten password recovery
  - From: Vincent Panel <yohonet@gmail.com>
- Re: Forgotten password recovery
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Re: Forgotten password recovery
Next by Date: Active Directory & Open LDAP Synchronization
Index(es):
- Chronological
- Thread