Changes between Initial Version and Version 1 of Ticket #11869, comment 2


Ignore:
Timestamp:
Jul 10, 2014, 9:11:35 PM (5 years ago)
Author:
Steffen Hoffmann
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #11869, comment 2

    initial v1  
    1212> As I am writing this, I see in [http://trac-hacks.org/wiki/AccountManagerPlugin/Modules#Lostpasswordprocedure Lost password procedure] that "The temporary password is stored in !ResetPwStore, a special !SessionStore". Does this mean I need to configure a SessionStore to get this behaviour to work properly? Please direct me to the appropriate documentation if so.
    1313
    14 First, !ResetPwStore is a dedicated store, no need to configure it explicitly. Just make sure the !SessionStore component is enabled, but this is not your problem.
     14First, !ResetPwStore is a dedicated store, no need to configure it explicitly. Just make sure the !ResetPwStore component is enabled, but this is not your problem.
    1515
    1616It is rather Http Basic Auth that doesn't know anything about an alternative password store. So the new password in !ResetPwStore is never challenged and password reset - new style - simply doesn't work by design in this authentication setup, just password management. Sorry, but password store chaining, a per-requisite for password reset, is bound to the use of !AccountManager's own login module and cannot work with the Http Basic Auth method.