Modify

Opened 15 years ago

Closed 2 years ago

#1946 closed enhancement (wontfix)

login via https, client certificate should anyway allow to set a password or create an account

Reported by: rupert thurner Owned by:
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: needinfo authentication password reset
Cc: Trac Release: 0.10

Description

we use ssl x509 client certificates for logging in, so req.user is set. but, an account is not created, and there is also no possiblitiy to set a password (error: old password cannot be empty).

it would be nice if this somehow worked. useage:

  • for eclipse xml-rpc login, as there is no client certificate possible currently.
  • we use the created accounts also for svn. here as well there is no client cert off a chip card possible.

Attachments (0)

Change History (8)

comment:1 Changed 14 years ago by anonymous

Priority: normalhighest
Severity: normalcritical

comment:2 Changed 14 years ago by John Hampton

Owner: changed from Matt Good to John Hampton
Status: newassigned

OK, I'm assuming that if you're using x509 certs for auth, then apache is handling the auth. In this case, would the HttpAuthStore not be enough?

comment:3 Changed 13 years ago by Matt Good

Priority: highestnormal
Severity: criticalnormal
Type: defectenhancement

comment:4 Changed 13 years ago by rupert thurner

we use c509 certs for auth, correct. and if a client has no support of certificates, a fallback to username/password.

the problem is that a user logged in via the certificate cannot set a password, as there is no "old password". and the request was to allow to (re)set the password without knowing it.

i am unsure how HttpAuthStore would help in this case?

comment:5 in reply to:  4 Changed 12 years ago by Steffen Hoffmann

Keywords: needinfo authentication password reset added
Owner: changed from John Hampton to Steffen Hoffmann
Status: assignednew

Replying to ThurnerRupert:

we use c509 certs for auth, correct. and if a client has no support of certificates, a fallback to username/password.

Would you dare to disclose a little more about your setup, please? I fail to understand your configuration, and I may need to validate any possible solution in a test setup anyway.

the problem is that a user logged in via the certificate cannot set a password, as there is no "old password". and the request was to allow to (re)set the password without knowing it.

Hm, at first glance blindly resetting a password doesn't sound like a sane concept.

However this may be similar to other non-password-based authenticaton methods, where an implementation for these class of AuthStores has already been requested (see #1061).

comment:6 in reply to:  4 Changed 11 years ago by Steffen Hoffmann

Replying to ThurnerRupert:

![...] and the request was to allow to (re)set the password without knowing it.

Hm, while not at all related to any login procedure, you might have a look at the reworked 'forgot password' procedure (see #816). This is at least a way to "reset the password without knowing it", and after successful login it'll get written to AcctMgr's preferred authentication store. And afterwards you're able to change it, right?

comment:7 Changed 6 years ago by Ryan J Ollos

Owner: Steffen Hoffmann deleted

comment:8 Changed 2 years ago by Ryan J Ollos

Resolution: wontfix
Status: newclosed

Closing since this ticket is old and the configuration sounds like a bit of an outlier.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The ticket will remain with no owner.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.