[horde] Reset Password and Passwd

Simon B simon.buongiorno at gmail.com
Wed Sep 14 09:16:19 UTC 2016


On 14 Sep 2016 11:03, "Jan Schneider" <jan at horde.org> wrote:
>
> Quoting Simon B <simon.buongiorno at gmail.com>:
>
>> On 14 Sep 2016 10:46, "Jan Schneider" <jan at horde.org> wrote:
>>>
>>>
>>> Quoting Simon B <simon.buongiorno at gmail.com>:
>>>
>>>> On 14 Sep 2016 10:01, "Jan Schneider" <jan at horde.org> wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Quoting Simon B <simon.buongiorno at gmail.com>:
>>>>>
>>>>>
>>>>>> Hi
>>>>>>
>>>>>> I can't believe this hasn't come up before..
>>>>>>
>>>>>> In my horde.cong, I have set
>>>>>>
>>>>>> $conf['auth']['resetpassword'] = true;
>>>>>>
>>>>>> to provide a "reset password" link on the login page..
>>>>>>
>>>>>> No link appears on the login screen - not even after an incorrect
>>>>>> login.
>>>>>>
>>>>>>
>>>>>> What am I doing wrong?  I am using IMP authentication with a MySQL
>>>>>> backend through dovecot.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> You don't use an authentication backend that supports password
>>>>> resetting.
>>>>
>>>>
>>>>
>>>> If you're saying IMAP can't somehow change the password, you're
>>>> correct.
>>>> But as the basic user management is done via a custom MySQL backend, it
>>>> should be trivial to specify the table name and password field in the
>>>> settings and to populate it once the tokenised link has been verified.
>>>
>>>
>>>
>>> This is what Passwd is for. Or the composite authentication driver.
>>
>>
>> Great!  That aligns with what I thought.
>>
>> However, I see nowhere in passwd to set that up.
>>
>> Currently you can only reach https://webmail.example.net/passwd if you're
>> already authenticated.  Clearly for a forgotten password that's not going
>> to work.
>
>
> Yes, that's why I said you need an authentication backend that allows
> resetting of the password.

But then you also implied MySQL is an authentication backend that allows
resetting the password using password.

I have a MySQL db with User secrets that would allow for a password to be
reset if a link to forgot password would be displayed.  I could even write
the page myself that would show the challenges and response input (although
I'd prefer not to, I prefer to configure that in passwd).  Passwd could
then insert a new password and the user could then authenticate...

Simon

>> Also...
>>
>>>>>> In my horde.cong, I have set
>>>>>>
>>>>>> $conf['auth']['resetpassword'] = true;
>>>>>>
>>>>>> to provide a "reset password" link on the login page..
>>>>>>
>>>>>> No link appears on the login screen - not even after an incorrect
>>>>>> login
>>
>>
>> Simon
>>
>>>> Will you accept an enhancement request?
>>>>
>>>> Simon
>>>>
>>>>>> Secondly, in accordance with the hint, I left
>>>>>> $conf[auth][resetpassword_from] blank so that the reset email would
>>>>>> come from the user's account.  Of course that may well be the case, but
>>>>>> I can't test it.
>>>>>>
>>>>>> What would be nice - and I don't see an enhancement request for this -
>>>>>> is to have a tokenised link sent via email for people who cannot
>>>>>> remember their password which can then be used to reset their
>>>>>> password.
>>>>>>
>>>>>> Yes, I see the obvious flaw here - if you can't remember your
>>>>>> password, how can you get the email to click on the link, but a) it
>>>>>> might be possible to do this from a mobile if ActiveSync is working
>>>>>> and b) the obvious next step is for me as admin to push the link to
>>>>>> someone so that I don't have to open the backend and reset their
>>>>>> password and then force them to change it..
>>>>>>
>>>>>> Is there any active development on passwd?   How do the hundreds of
>>>>>> university admins handle this?
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Jan Schneider
>>> The Horde Project
>>> http://www.horde.org/
>>>
>
>
>
> --
> Jan Schneider
> The Horde Project
> http://www.horde.org/
>
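
The tokenised reset link discussed in this thread, as an added example that is not part of the original messages and is not Horde or Passwd code: a single-use, expiring token whose hash alone is stored, redeemed to set a new password in the SQL user table. The table names, column names and function names are hypothetical, and in-memory SQLite stands in for the MySQL backend so the example runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical schema (not Horde's or Passwd's): users(username, password_hash)
// and reset_tokens(username, token_hash, expires_at). SQLite in memory stands
// in for the MySQL user database; the user row below is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)');
$db->exec('CREATE TABLE reset_tokens (username TEXT PRIMARY KEY, token_hash TEXT, expires_at INTEGER)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('old-password', PASSWORD_DEFAULT)]);

// Issue a token: only its SHA-256 hash is stored, so a leaked database does
// not yield usable reset links. PRIMARY KEY on username keeps one live token.
function issueResetToken(PDO $db, string $user, int $ttl = 900): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $db->prepare('REPLACE INTO reset_tokens VALUES (?, ?, ?)')
       ->execute([$user, hash('sha256', $token), time() + $ttl]);
    return $token; // goes into the e-mailed link, never into logs
}

// Redeem a token: verify hash and expiry, then consume the token and set the
// password in one transaction so a link works at most once. Assumption: the
// stored hash must be in a scheme the mail server's password lookup accepts.
function redeemResetToken(PDO $db, string $user, string $token, string $newPassword): bool
{
    $db->beginTransaction();
    $q = $db->prepare('SELECT token_hash, expires_at FROM reset_tokens WHERE username = ?');
    $q->execute([$user]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    $ok = $row !== false
        && (int) $row['expires_at'] >= time()
        && hash_equals($row['token_hash'], hash('sha256', $token)); // constant-time
    if ($ok) {
        $db->prepare('DELETE FROM reset_tokens WHERE username = ?')->execute([$user]);
        $db->prepare('UPDATE users SET password_hash = ? WHERE username = ?')
           ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $user]);
    }
    $db->commit();
    return $ok;
}

$token = issueResetToken($db, 'alice');
var_dump(redeemResetToken($db, 'alice', 'wrong-token', 'x'));          // guessed token
var_dump(redeemResetToken($db, 'alice', $token, 'new-password'));      // token from the link
var_dump(redeemResetToken($db, 'alice', $token, 'replayed-password')); // same link replayed
```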