Re: Forgotten password recovery
Hallvard B Furuseth wrote:
> Duh, I seem to be tired - I forgot you didn't want that privileged
> user, I focused on the "password works only once" part.
> Well. _Something_ needs permission to create a temporary password.
> Presumably without removing the old one, otherwise anyone can sabotage
> anyone's password. Which probably kills the ppolicy idea since that
> gets confused by multiple passwords.
> Maybe you could have a separate database or two with passwords, merged
> to the main one with the translucent overlay... Then the Drupal DN
> would at least play with its own database and not mess with the main
This password reset ticket database could be another part of the DIT. A
regex-based ACL could implement password write access for the original
user entry (e.g. based on same naming scheme). Also don't forget to
clean up password reset tickets not used.
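
The regex-based ACL suggested above could look like the following slapd.conf fragment. It is an added example, not part of the original message or of anyone's actual configuration. The suffix dc=example,dc=com, the ou=people and ou=tickets branches, the uid= naming scheme and the cn=drupal service DN are all assumptions made for illustration.

```conf
# Assumed layout (hypothetical names):
#   uid=<name>,ou=people,dc=example,dc=com    real user entries
#   uid=<name>,ou=tickets,dc=example,dc=com   password reset tickets
#   cn=drupal,ou=services,dc=example,dc=com   web application DN

# The web application may create and delete ticket entries and set
# their temporary passwords, but only inside the ticket branch.
access to dn.subtree="ou=tickets,dc=example,dc=com"
    by dn.exact="cn=drupal,ou=services,dc=example,dc=com" write
    by anonymous auth
    by * none

# A ticket bound as uid=X under ou=tickets may write (not read) the
# userPassword of uid=X under ou=people and of nobody else: $1 is the
# uid captured by the regex in the "access to" clause.
access to dn.regex="^uid=([^,]+),ou=people,dc=example,dc=com$" attrs=userPassword
    by self write
    by dn.exact,expand="uid=$1,ou=tickets,dc=example,dc=com" =w
    by anonymous auth
    by * none

# The web application gets no write access to ou=people at all, so it
# cannot touch a user's existing password, only hand out tickets.
# ACLs do not expire anything: unused ticket entries still have to be
# deleted by a separate clean-up job.
```

slapd applies the first matching `access to` clause, so these rules have to appear before any broader rule covering the same entries.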