Changes between Version 21 and Version 22 of AccountManagerPlugin/Modules


Timestamp: Dec 30, 2012 1:40:15 AM (21 months ago)
Author: hasienda
Comment: add more details about the new lost/new password procedure

  • AccountManagerPlugin/Modules

    v21 v22  
    8787}}} 
    8888 
     89=== Lost password procedure === 
     90A user-triggered password reset is less intrusive starting with acct_mgr-0.3, ''not altering the current password before a successful login'' using it. Resetting your password you actually end up with two passwords before next valid login: 
     91 * Login with the new one from !ResetPwStore to silently and finally overwrite the old with the new. 
     92 * Login with the old will just chancel the latest lost/new password request. 
     93Or in other words: The temporary password is stored in !ResetPwStore, a special !SessionStore (sharing configuration with any other !SessionStore) and merely checked as a fallback, if the regular authentication has failed. On authentication success with the old password any temporary password is deleted to prevent abuse of the 'lost password' procedure by others. 
     94 
     95[[Image(AccountManagerPlugin:reset-password.png)]] 
     96 
    8997==== Disabling password reset ==== 
    9098To disable just the password reset functionality add the following line to the {{{[account-manager]}}} section: 
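
Review bot: The added paragraph at new line 93 only says the temporary password is deleted "on authentication success with the old password", and new line 90 says the user holds two passwords until the next valid login, but nothing states what happens when no login follows the reset. Please document whether the entry in ResetPwStore expires on its own, or say explicitly that it stays valid until one of the two logins occurs, because that is what an administrator needs in order to judge how long an unused reset password remains usable. The phrase "sharing configuration with any other !SessionStore" would also benefit from naming the option it refers to. Two wording fixes: in new line 92 "chancel" should be "cancel", and new line 90 reads more clearly as "When you reset your password, you end up with two passwords until the next valid login".
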
     
    96104}}} 
    97105 
    98 [[Image(AccountManagerPlugin:reset-password.png)]] 
    99  
    100 '''Since Trac 0.11:''' When a user resets their password they will be required to change their password on the next successful login.  This can be disabled via the `trac.ini` by setting: 
     106When a user resets their password they will be required to change their password on the next successful login.  This can be disabled via the `trac.ini` by setting: 
    101107 
    102108{{{