[horde] passwd and forced changes

Ralf Lang lang at b1-systems.de
Thu Jan 2 21:30:11 UTC 2014 

Hi Simon,

On 02.01.2014 17:01, Simon B wrote:
> Hi
> 
> I use SQL as a backend - consequently Horde tells me I cannot list or
> add users.  That's all well and good and I have no wish to move to
> Kolab or LDAP.  However, what I would like is the ability to force
> users to change their password - either at first log in, perhaps at a
> pre-defined interval or possibly just when I decide (for example, the
> account is compromised, I reset the password, but would then like the
> user to change it again).

You can create a hook that sets the
$conf[auth][params][hard_expiration_field] field. See also
$conf[auth][params][hard_expiration_window].

> Whilst I can see why the SQL backend can't be used for adding users
> (this should actually be possible, perhaps by intergrating
> phpmyadmin?)

No need to. The SQL Backend can do this.

> , I can't see why it can't list the users 
The SQL Backend can do this.

> allow me to put a tick next to the ones I want to force to change the
> password).  rampage_users lists all the users that have logged in, so
> surely that's the list it should display, no?

No. It should use horde_users or whatever the user source field of your
installation is.

> What would it cost to implement this enhancement?

Implement what exactly?

* Listing users is already implemented
* Adding users in SQL backend is implemented
* There is a backend-independent feature to block users temporarily (for
example for a series of bad logins) or permanently (through the user
admin UI).

If I understand you correctly, you want a price tag for the following:

For all backends that support listing/For SQL and LDAP/For the SQL
backend only

The admin should see a list of users and be able to select users which
have to reset their Password upon next login. He should see which users
are already blocked.

The users should authenticate to the reset password screen
with their old password/with their forgot password secret

The feature should be implemented
* as an addon to passwd (passwd's live password check and restrictions
apply)
* in the horde base module (no password restrictions apply)

Please select options or correct me so we know where's talking about the
same thing.

It's generally all possible. The question is which version is fit for
horde upstream and can we agree on a price and who does it.

Ralf

-- 
Ralf Lang
Linux Consultant / Developer
Tel.: +49-170-6381563
Mail: lang at b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.horde.org/archives/horde/attachments/20140102/9bb65176/attachment.bin>

More information about the horde mailing list