[horde] Reset Password and Passwd

Simon B simon.buongiorno at gmail.com
Wed Sep 14 08:57:10 UTC 2016


On 14 Sep 2016 10:46, "Jan Schneider" <jan at horde.org> wrote:
>
> Zitat von Simon B <simon.buongiorno at gmail.com>:
>
>> On 14 Sep 2016 10:01, "Jan Schneider" <jan at horde.org> wrote:
>>>
>>>
>>>
>>> Zitat von Simon B <simon.buongiorno at gmail.com>:
>>>
>>>
>>>> Hi
>>>>
>>>> I can't believe this hasn't come up before..
>>>>
>>>> In my horde.cong, I have set
>>>>
>>>> $conf['auth']['resetpassword'] = true;
>>>>
>>>> to provide a "reset password" link on the login page..
>>>>
>>>> No link appears on the login screen - not even after an incorrect
login.
>>>>
>>>> What am I doing wrong?  I am using IMP authentication with a MySQL
>>>> backend through dovecot.
>>>
>>>
>>>
>>> You don't use an authentication backend that supports password
resetting.
>>
>>
>> If you're saying IMAP can't somehow change the password, you're correct.
>> But as the basic user management is done via a custom MySQL backend, it
>> should be trivial to specify the table name and password field in the
>> settings and to populate it once the tokenised link has been verified.
>
>
> This is what Passwd is for. Or the composite authentication driver.

Great!  That aligns with what I thought.

However, I see no where in passwd to set that up.

Currently you can only reach https://webmail.example.net/passwd if you're
already authenticated.  Clearly for a forgotten password that's not going
to work.

Also...

>>>> In my horde.cong, I have set
>>>>
>>>> $conf['auth']['resetpassword'] = true;
>>>>
>>>> to provide a "reset password" link on the login page..
>>>>
>>>> No link appears on the login screen - not even after an incorrect login

Simon

>> Will you accept an enhancement request?
>>
>> Simon
>>
>>>> Secondly, in accordance with the hint, I left
>>>> $conf[auth][resetpassword_from] blank so that the reset email would
>>>> come from the users account.  Of course that may well be the case, but
>>>> I can't test it.
>>>>
>>>> What would be nice - and I don't see an enhancement request for this -
>>>> is to have a tokenised link sent via email for people who cannot
>>>> remember their password which can then be user to reset their
>>>> password.
>>>>
>>>> Yes, I see the obvious flaw here - if you can't remember your
>>>> password, how can you get the email to click on the link, but a) it
>>>> might be possible to do this from a mobile if ActiveSync is working
>>>> and b) the obvious next step is for me as admin to push the link to
>>>> someone so that I don't have to open the backend and reset their
>>>> password and then force them to change it..
>>>>
>>>> Is there any active development on passwd?   How do the hundreds of
>>>> university admins handle this?
>
>
>
>
> --
> Jan Schneider
> The Horde Project
> http://www.horde.org/
>


More information about the horde mailing list