[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Forgotten password recovery

Brett Maxfield wrote:
> Maybe generate a random challenge, store it in ldap as an additional
> hashed password value maybe with a special {challenge} hash type as a
> marker, assuming ldap will try *all* passwords when logging in.

Implementing this with multi-valued userPassword will raise some issues
when sorting out the temporary challenge-password later (either if it's
used or not used by the end user). I'd go for separate LDAP entries
where you can store additional expiration information.

Ciao, Michael.