[horde] password HELP!

Nicolás Valera nvalera at gmail.com
Mon Jun 3 12:33:13 UTC 2013 

On 05/28/2013 06:54 PM, Jan Schneider wrote:
>
> Zitat von Michael M Slusarz <slusarz at horde.org>:
>
>> Quoting Nicolás Valera <nvalera at gmail.com>:
>>
>>> On 05/28/2013 03:39 PM, Michael M Slusarz wrote:
>>>> Quoting Nicolás Valera <nvalera at gmail.com>:
>>>>
>>>>> On 05/28/2013 12:48 PM, Jan Schneider wrote:
>>>>>>
>>>>>> Zitat von Nicolás Valera <nvalera at gmail.com>:
>>>>>>
>>>>>>> On 05/24/2013 12:30 PM, Jan Schneider wrote:
>>>>>>>>
>>>>>>>> Zitat von Nicolás Valera <nvalera at gmail.com>:
>>>>>>>>
>>>>>>>>> On 05/22/2013 08:04 AM, Jan Schneider wrote:
>>>>>>>>>>
>>>>>>>>>> Zitat von Nicolás Valera <nvalera at gmail.com>:
>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> I'm having some problems when trying to use the password
>>>>>>>>>>> expiration
>>>>>>>>>>> option.
>>>>>>>>>>>
>>>>>>>>>>> when a user reaches the soft_expiration_date, the horde
>>>>>>>>>>> redirect to changepassword.php, but when you fill out the form
>>>>>>>>>>> nothing happens.
>>>>>>>>>>>
>>>>>>>>>>> i don't see any errors in logs
>>>>>>>>>>>
>>>>>>>>>>> PREASE HELP!!!
>>>>>>>>>>>
>>>>>>>>>>> Thanks in advance
>>>>>>>>>>> Nicolás.
>>>>>>>>>>
>>>>>>>>>> Is the form at least submitted?
>>>>>>>>>
>>>>>>>>> Yes Jan, the form is sent to the sever but is has no effect.
>>>>>>>>> I mean, the data is sent but the old password is not checked.
>>>>>>>>> Neither
>>>>>>>>> the new password or the retyped.
>>>>>>>>>
>>>>>>>>> There is no action at all... :(
>>>>>>>>
>>>>>>>> Fixed in Git.
>>>>>>>
>>>>>>> Jan thanks for fix, but the password policy is not checked and the
>>>>>>> Horde session is not destroyed after changing password.
>>>>>>>
>>>>>>> Thanks again!
>>>>>>> Nicolás.
>>>>>>
>>>>>> Which password policy?
>>>>>>
>>>>>> For the session reset, please file a bug report.
>>>>>
>>>>> it's simmilar to Bug #11766 and #11789
>>>>
>>>> You *have* set the 'logout' parameter, right?
>>>>
>>>> michael
>>>>
>>>> ___________________________________
>>>> Michael Slusarz [slusarz at horde.org]
>>>>
>>> Michael,
>>>
>>> yes, i have it.
>>> the application passwd works correctly if I use it from the menu
>>> "Others->My Account->Password"
>>>
>>> the problem is when a password expires and is updated through the
>>> "changepassword.php"
>>>
>>> $backends['hordeauth'] = array(
>>>    'name' => 'Horde Authentication',
>>>    'driver' => 'Horde',
>>>    'policy' => array(
>>>        'minLength' => 8,
>>>        'maxLength' => 18,
>>>        'maxSpace' => 5,
>>>        'minUpper' => 1,
>>>        'minLower' => 1,
>>>        'minNumeric' => 1,
>>>        'minSymbol' => 1
>>>    ),
>>>    'logout' => true,
>>> );
>>
>> Then this has nothing to do with passwd the application and the bug
>> reports you previously referred to are irrelevant.
>>
>> Although this conversation does beg the question: why do we have a
>> separate passwd application?  Or why shouldn't we fold the Horde
>> changepassword code into passwd?  We should not be maintaining two
>> separate password changing mechanisms.  (Although granted that passwd
>> doesn't require the password changing mechanism to be related to
>> Horde).  Especially with the latter - I don't think requiring someone
>> to install passwd for this lesser used feature is asking too much.
>>
>> But at a minimum, services/changepasswd has to be fixed.  As
>> previously discussed in the passwd realm, it is impossible to change
>> the password accurately within a Horde session.  The only way to
>> handle this properly is to restart the session.
>
> The opposite is the goal. It's planned to move passwd functionality
> completely into Horde_Auth and horde.

Jan, we have "fixed" the problem using the password app instead of 
changepassword.php. (ln -s ../passwd/index.php changepassword.php)

Now we have a new problem. When the user changes the password, is 
redirected to the login page with the correct pop up informative message 
(REASON_MESSAGE). The problem is that, when the user logs in again, it 
is redirected to the change password form again, not to the  initial 
page. It seems like the logout with REASON_MESSAGE is not working 
properly...
Any ideas?

Thx,

More information about the horde mailing list