[dev] Re: [cvs] commit: passwd/lib Driver.php passwd/lib/Driver expect.php ldap.php poppassd.php servuftp.php smbpasswd.php sql.php vmailmgr.php vpopmail.php

[Eric Rostetter]

Quoting Mike Cochrane <mike@graftonhall.co.nz>:

> >   * Move changing horde/imp credentials out of backend into Driver.php
> >   * Fix some cases where the newpassword variable name was wrong
> 
> In the reset password, you assume that you are changing the password for the
> authentication that is being used for login. This isn't always going to be
> true.

Yes, I forgot that you changed things so password can be used as guest and
so on.
 
> I would prefer this to be an option set in the backend config, or at least
> check that the password that Auth:: currrently has == $oldpassword before
> setting it to $newpassword.

I really don't want to make this an config option, if we can avoid it.

So what exactly should we be checking?  Username + oldpassword, just 
old password, something else?  Does it need a check for guest logins?
You (Mike) are more familiar with this than I am probably, as to what
the possible entry points are now.

At least now with the code only in one place, it will be easy to change
or adapt.

> - Mike :-)

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Why get even? Get odd!