[horde] password HELP!

Michael M Slusarz slusarz at horde.org
Tue May 28 20:17:47 UTC 2013 

Quoting Nicolás Valera <nvalera at gmail.com>:

> On 05/28/2013 03:39 PM, Michael M Slusarz wrote:
>> Quoting Nicolás Valera <nvalera at gmail.com>:
>>
>>> On 05/28/2013 12:48 PM, Jan Schneider wrote:
>>>>
>>>> Zitat von Nicolás Valera <nvalera at gmail.com>:
>>>>
>>>>> On 05/24/2013 12:30 PM, Jan Schneider wrote:
>>>>>>
>>>>>> Zitat von Nicolás Valera <nvalera at gmail.com>:
>>>>>>
>>>>>>> On 05/22/2013 08:04 AM, Jan Schneider wrote:
>>>>>>>>
>>>>>>>> Zitat von Nicolás Valera <nvalera at gmail.com>:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I'm having some problems when trying to use the password expiration
>>>>>>>>> option.
>>>>>>>>>
>>>>>>>>> when a user reaches the soft_expiration_date, the horde
>>>>>>>>> redirect to changepassword.php, but when you fill out the form
>>>>>>>>> nothing happens.
>>>>>>>>>
>>>>>>>>> i don't see any errors in logs
>>>>>>>>>
>>>>>>>>> PREASE HELP!!!
>>>>>>>>>
>>>>>>>>> Thanks in advance
>>>>>>>>> Nicolás.
>>>>>>>>
>>>>>>>> Is the form at least submitted?
>>>>>>>
>>>>>>> Yes Jan, the form is sent to the sever but is has no effect.
>>>>>>> I mean, the data is sent but the old password is not checked. Neither
>>>>>>> the new password or the retyped.
>>>>>>>
>>>>>>> There is no action at all... :(
>>>>>>
>>>>>> Fixed in Git.
>>>>>
>>>>> Jan thanks for fix, but the password policy is not checked and the
>>>>> Horde session is not destroyed after changing password.
>>>>>
>>>>> Thanks again!
>>>>> Nicolás.
>>>>
>>>> Which password policy?
>>>>
>>>> For the session reset, please file a bug report.
>>>
>>> it's simmilar to Bug #11766 and #11789
>>
>> You *have* set the 'logout' parameter, right?
>>
>> michael
>>
>> ___________________________________
>> Michael Slusarz [slusarz at horde.org]
>>
> Michael,
>
> yes, i have it.
> the application passwd works correctly if I use it from the menu  
> "Others->My Account->Password"
>
> the problem is when a password expires and is updated through the  
> "changepassword.php"
>
> $backends['hordeauth'] = array(
>     'name' => 'Horde Authentication',
>     'driver' => 'Horde',
>     'policy' => array(
>         'minLength' => 8,
>         'maxLength' => 18,
>         'maxSpace' => 5,
>         'minUpper' => 1,
>         'minLower' => 1,
>         'minNumeric' => 1,
>         'minSymbol' => 1
>     ),
>     'logout' => true,
> );

Then this has nothing to do with passwd the application and the bug  
reports you previously referred to are irrelevant.

Although this conversation does beg the question: why do we have a  
separate passwd application?  Or why shouldn't we fold the Horde  
changepassword code into passwd?  We should not be maintaining two  
separate password changing mechanisms.  (Although granted that passwd  
doesn't require the password changing mechanism to be related to  
Horde).  Especially with the latter - I don't think requiring someone  
to install passwd for this lesser used feature is asking too much.

But at a minimum, services/changepasswd has to be fixed.  As  
previously discussed in the passwd realm, it is impossible to change  
the password accurately within a Horde session.  The only way to  
handle this properly is to restart the session.

michael

___________________________________
Michael Slusarz [slusarz at horde.org]

More information about the horde mailing list