Changes between Version 21 and Version 22 of AccountManagerPlugin/Modules


Timestamp:
Dec 30, 2012, 12:40:15 AM (11 years ago)
Author:
Steffen Hoffmann
Comment:

add more details about the new lost/new password procedure

  • AccountManagerPlugin/Modules

    v21 v22  
    8787}}}
    8888
     89=== Lost password procedure ===
     90A user-triggered password reset is less intrusive starting with acct_mgr-0.3, ''not altering the current password before a successful login'' using it. Resetting your password you actually end up with two passwords before next valid login:
     91 * Login with the new one from !ResetPwStore to silently and finally overwrite the old with the new.
     92 * Login with the old will just chancel the latest lost/new password request.
     93Or in other words: The temporary password is stored in !ResetPwStore, a special !SessionStore (sharing configuration with any other !SessionStore) and merely checked as a fallback, if the regular authentication has failed. On authentication success with the old password any temporary password is deleted to prevent abuse of the 'lost password' procedure by others.
     94
     95[[Image(AccountManagerPlugin:reset-password.png)]]
     96
    8997==== Disabling password reset ====
    9098To disable just the password reset functionality add the following line to the {{{[account-manager]}}} section:
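
Review bot: The added paragraph on line 93 does not say what happens to the temporary password in !ResetPwStore when neither login takes place. It is described as deleted only after a successful login with the old password, and as "checked as a fallback, if the regular authentication has failed", so until one of the two logins happens it remains a second valid credential for the account. Please document whether it expires on its own. Two wording points in the same hunk: "chancel" on line 92 should be "cancel", and the lead sentence on line 90 would read more clearly as "After a reset request, two passwords are valid until the next successful login".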
     
    96104}}}
    97105
    98 [[Image(AccountManagerPlugin:reset-password.png)]]
    99 
    100 '''Since Trac 0.11:''' When a user resets their password they will be required to change their password on the next successful login.  This can be disabled via the `trac.ini` by setting:
     106When a user resets their password they will be required to change their password on the next successful login.  This can be disabled via the `trac.ini` by setting:
    101107
    102108{{{