[dev] Re: [cvs] commit: passwd/config .cvsignore backends.php.dist conf.xml passwd/lib Driver.php Passwd.php base.php passwd/lib/Driver ldap.php sql.php passwd/templates/main main.inc passwd main.php

Harry Hoffman hhoffman@ip-solutions.net
Sun Oct 13 07:48:56 PDT 2002 

Hi,
  Here at Auckland Uni. it's really nice to allow users not to have to login to
change passwords as we use a central authentication mechanism where a way to
change your password in not easy.
  We use a logchecking daemon to scan thru logs and report/act upon on anomalies
thru a central syslog server. I'd be more than willing to share this code. It
essentially allows you the ability to lock the user's account if more than five
unsuccesful attempts are made.
  Just my 2 cents.

Thanks,
Harry



Quoting Jan Schneider <jan@horde.org>:

*> Zitat von Eric Rostetter <eric.rostetter@physics.utexas.edu>:
*> 
*> 
*> > My objection is to making "guest => true" the default in the registry.php
*> > file.  I think this makes the module much more of a security concern.
*> >
*> > I don't object to the functionality, but I think we should have guest
*> > access
*> > off by default, and make the system admin/installer set it to true if
*> > they
*> > want to accept responsibility for the security concerns doing so raises.
*> 
*> > Anyone disagree with me?
*> 
*> No, that makes sense. Even if users will be able to change passwords that
*> have nothing to do with the system's Horde authentication it still makes
*> sense to only allow changing of passwords for authenticated users.
*> 
*> Jan.
*> 
*> --
*> http://www.horde.org - The Horde Project
*> http://www.ammma.de - discover your knowledge
*> http://www.tip4all.de - Deine private Tippgemeinschaft
*> 
*> --
*> Horde developers mailing list
*> Frequently Asked Questions: http://horde.org/faq/
*> To unsubscribe, mail: dev-unsubscribe@lists.horde.org


-- 
Harry Hoffman
ITSS Systems Team Leader
University of Auckland
hhoffman@auckland.ac.nz
hhoffman@ip-solutions.net
STANDARD DISCLAIMER:
**********************************************
*This universe shipped by weight, not volume.*
*Some expansion may have occured in shipping.*
*********************************************

-------------------------------------------------
Mail service provided by IpSolutions 
http://www.ip-solutions.net/

More information about the dev mailing list