[horde] password HELP!

Michael M Slusarz slusarz at horde.org
Wed May 29 16:04:18 UTC 2013


Quoting Nicolás Valera <nvalera at gmail.com>:

> On 05/28/2013 05:17 PM, Michael M Slusarz wrote:
>> Quoting Nicolás Valera <nvalera at gmail.com>:
>>
>>> On 05/28/2013 03:39 PM, Michael M Slusarz wrote:
>>>> Quoting Nicolás Valera <nvalera at gmail.com>:
>>>>
>>>>> On 05/28/2013 12:48 PM, Jan Schneider wrote:
>>>>>>
>>>>>> Zitat von Nicolás Valera <nvalera at gmail.com>:
>>>>>>
>>>>>>> On 05/24/2013 12:30 PM, Jan Schneider wrote:
>>>>>>>>
>>>>>>>> Zitat von Nicolás Valera <nvalera at gmail.com>:
>>>>>>>>
>>>>>>>>> On 05/22/2013 08:04 AM, Jan Schneider wrote:
>>>>>>>>>>
>>>>>>>>>> Zitat von Nicolás Valera <nvalera at gmail.com>:
>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> I'm having some problems when trying to use the password
>>>>>>>>>>> expiration
>>>>>>>>>>> option.
>>>>>>>>>>>
>>>>>>>>>>> when a user reaches the soft_expiration_date, the horde
>>>>>>>>>>> redirect to changepassword.php, but when you fill out the form
>>>>>>>>>>> nothing happens.
>>>>>>>>>>>
>>>>>>>>>>> i don't see any errors in logs
>>>>>>>>>>>
>>>>>>>>>>> PREASE HELP!!!
>>>>>>>>>>>
>>>>>>>>>>> Thanks in advance
>>>>>>>>>>> Nicolás.
>>>>>>>>>>
>>>>>>>>>> Is the form at least submitted?
>>>>>>>>>
>>>>>>>>> Yes Jan, the form is sent to the sever but is has no effect.
>>>>>>>>> I mean, the data is sent but the old password is not checked.
>>>>>>>>> Neither
>>>>>>>>> the new password or the retyped.
>>>>>>>>>
>>>>>>>>> There is no action at all... :(
>>>>>>>>
>>>>>>>> Fixed in Git.
>>>>>>>
>>>>>>> Jan thanks for fix, but the password policy is not checked and the
>>>>>>> Horde session is not destroyed after changing password.
>>>>>>>
>>>>>>> Thanks again!
>>>>>>> Nicolás.
>>>>>>
>>>>>> Which password policy?
>>>>>>
>>>>>> For the session reset, please file a bug report.
>>>>>
>>>>> it's simmilar to Bug #11766 and #11789
>>>>
>>>> You *have* set the 'logout' parameter, right?
>>>>
>>>> michael
>>>>
>>>> ___________________________________
>>>> Michael Slusarz [slusarz at horde.org]
>>>>
>>> Michael,
>>>
>>> yes, i have it.
>>> the application passwd works correctly if I use it from the menu
>>> "Others->My Account->Password"
>>>
>>> the problem is when a password expires and is updated through the
>>> "changepassword.php"
>>>
>>> $backends['hordeauth'] = array(
>>>    'name' => 'Horde Authentication',
>>>    'driver' => 'Horde',
>>>    'policy' => array(
>>>        'minLength' => 8,
>>>        'maxLength' => 18,
>>>        'maxSpace' => 5,
>>>        'minUpper' => 1,
>>>        'minLower' => 1,
>>>        'minNumeric' => 1,
>>>        'minSymbol' => 1
>>>    ),
>>>    'logout' => true,
>>> );
>>
>> Then this has nothing to do with passwd the application and the bug
>> reports you previously referred to are irrelevant.
>>
>> Although this conversation does beg the question: why do we have a
>> separate passwd application?  Or why shouldn't we fold the Horde
>> changepassword code into passwd?  We should not be maintaining two
>> separate password changing mechanisms.  (Although granted that passwd
>> doesn't require the password changing mechanism to be related to
>> Horde).  Especially with the latter - I don't think requiring someone to
>> install passwd for this lesser used feature is asking too much.
>>
>> But at a minimum, services/changepasswd has to be fixed.  As previously
>> discussed in the passwd realm, it is impossible to change the password
>> accurately within a Horde session.  The only way to handle this properly
>> is to restart the session.
>>
>> michael
>>
>> ___________________________________
>> Michael Slusarz [slusarz at horde.org]
>>
> Michael,
>
> I know that has nothing to do with the application, I mentioned  
> those bugs because in the passwd application the session was not  
> destroyed after changing the password in the same way that the  
> changepassword.php
>
> maybe we can do something like "$registry->getLogoutUrl()->redirect();"
> as was done in the passwd /lib/Basic.php to solve the problem

This was already fixed.

michael

___________________________________
Michael Slusarz [slusarz at horde.org]



More information about the horde mailing list