[horde] Reset Password and Passwd

Jan Schneider jan at horde.org
Wed Sep 14 09:03:29 UTC 2016


Zitat von Simon B <simon.buongiorno at gmail.com>:

> On 14 Sep 2016 10:46, "Jan Schneider" <jan at horde.org> wrote:
>>
>> Zitat von Simon B <simon.buongiorno at gmail.com>:
>>
>>> On 14 Sep 2016 10:01, "Jan Schneider" <jan at horde.org> wrote:
>>>>
>>>>
>>>>
>>>> Zitat von Simon B <simon.buongiorno at gmail.com>:
>>>>
>>>>
>>>>> Hi
>>>>>
>>>>> I can't believe this hasn't come up before..
>>>>>
>>>>> In my horde.cong, I have set
>>>>>
>>>>> $conf['auth']['resetpassword'] = true;
>>>>>
>>>>> to provide a "reset password" link on the login page..
>>>>>
>>>>> No link appears on the login screen - not even after an incorrect
> login.
>>>>>
>>>>> What am I doing wrong?  I am using IMP authentication with a MySQL
>>>>> backend through dovecot.
>>>>
>>>>
>>>>
>>>> You don't use an authentication backend that supports password
> resetting.
>>>
>>>
>>> If you're saying IMAP can't somehow change the password, you're correct.
>>> But as the basic user management is done via a custom MySQL backend, it
>>> should be trivial to specify the table name and password field in the
>>> settings and to populate it once the tokenised link has been verified.
>>
>>
>> This is what Passwd is for. Or the composite authentication driver.
>
> Great!  That aligns with what I thought.
>
> However, I see no where in passwd to set that up.
>
> Currently you can only reach https://webmail.example.net/passwd if you're
> already authenticated.  Clearly for a forgotten password that's not going
> to work.

Yes, that's why I said you need an authentication backend that allows  
resetting of the password.

> Also...
>
>>>>> In my horde.cong, I have set
>>>>>
>>>>> $conf['auth']['resetpassword'] = true;
>>>>>
>>>>> to provide a "reset password" link on the login page..
>>>>>
>>>>> No link appears on the login screen - not even after an incorrect login
>
> Simon
>
>>> Will you accept an enhancement request?
>>>
>>> Simon
>>>
>>>>> Secondly, in accordance with the hint, I left
>>>>> $conf[auth][resetpassword_from] blank so that the reset email would
>>>>> come from the users account.  Of course that may well be the case, but
>>>>> I can't test it.
>>>>>
>>>>> What would be nice - and I don't see an enhancement request for this -
>>>>> is to have a tokenised link sent via email for people who cannot
>>>>> remember their password which can then be user to reset their
>>>>> password.
>>>>>
>>>>> Yes, I see the obvious flaw here - if you can't remember your
>>>>> password, how can you get the email to click on the link, but a) it
>>>>> might be possible to do this from a mobile if ActiveSync is working
>>>>> and b) the obvious next step is for me as admin to push the link to
>>>>> someone so that I don't have to open the backend and reset their
>>>>> password and then force them to change it..
>>>>>
>>>>> Is there any active development on passwd?   How do the hundreds of
>>>>> university admins handle this?
>>
>>
>>
>>
>> --
>> Jan Schneider
>> The Horde Project
>> http://www.horde.org/
>>



-- 
Jan Schneider
The Horde Project
http://www.horde.org/



More information about the horde mailing list