[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Phpgroupware-developers] force users to change password ?
|
From: |
Brian Johnson |
|
Subject: |
Re: [Phpgroupware-developers] force users to change password ? |
|
Date: |
Wed, 06 Apr 2005 13:22:01 +0000 |
I looked around yesterday and I can't find the script
Part of the problem is that I don't remember where I saved it .. the other
problem is that I don't remember what filename I used
I checked all my usual stashes on the server and have't found it yet
I'd like to find it .. I really meant to use it but put off deploying it (and
now I can't find it)
Pascal Vilarem (address@hidden) wrote:
>
>
> foa thx for the answer Brian :-)
>
>
> Brian Johnson wrote:
>
> >I use ldap for shell, email, phpgw, and samba accounts so that each user has
> >one password that works for all those systems and I mod'd phpgw to allow them
> >to change them all at once through the phpgw change password screen.
> >
> >
> nice arch :-)
>
> >I would like to modify phpgw to do password checks on the change so that a
> >simple password is not accepted .. however I haven't done that yet and the
> >only way I know of to do it creates another dependancy for libraries on the
> >server which may not sit well with everyone
> >
> >I decided to implement a password change system that "encouraged" users to
> >change their password instead of "requiring" them to change it and wrote one
> >but haven't actually put it in place yet.
> >
> >The problem with "requiring" them to change it was that access could be
> >through any of the above systems and they all have different abilities. I
> >didn't want to write a passwd change utility (or require the existence of one
> >on the server).
> >
> >Since I wasn't "requiring" a password change, I decided a daily cron job
> >would
> >catch accounts even if not used for one or more days. I did it in php since
> >it seemed easy.
> >
> >What I did was check the last passwd change date and if it hasn't been
> >changed
> >in a month, it emails the user with a nice email explaining the problems with
> >lax security and encouraging them to change their password. It also contains
> >info about selecting a "good" password.
> >
> >
> the explanation is a cool idea... i think i'll try to make room for it.
>
> >They can simply delete it, but they'll get an email every day until they
> >change it.
> >
> >
> that's a fair way... but i think i wont be allowed to use it :-(
>
> >Prohiting access until it was changed would have involved interacting with
> >multiple system services that I didn't feel like doing.
> >
> >The problem now is .. that I can't find the darn thing.
> >
> >Maybe you can check the wiki while I search my server HD
> >
> >
> yep thx.
>
> >
> >
> >
> >Pascal Vilarem (address@hidden) wrote:
> >
> >
> >>Hi all,
> >>
> >>I've been asked to force phpgw users to change their passwords once a
> >>month... i didn't find something in phpgw to do that straight out of the
> >>box... so i guess i'll have to code a little bit.
> >>
> >>did someone there have to face such a demand ? are there special things
> >>i have to care about ? does this little feature interest more people
> >>than just me ? (if yes i'll submit a patch)
> >>
> >>all advices and comments are welcome.
> >>
> >>Pascal.
> >>
> >>
>
>
> _______________________________________________
> Phpgroupware-developers mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/phpgroupware-developers
>
>