Raebae1979 / pwm

Automatically exported from code.google.com/p/pwm
0 stars 0 forks source link

[Request] Allow default password for guest registration #615

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
The guest registration currently generates a password and sends by email to the 
user. The user is under no obligation to change this.

To improve security allow a default password to be set and sent out, which can 
be recognised by other systems not having access to the password expired 
attribute, so the account can be locked down until the user changes their 
password.

Original issue reported on code.google.com by mark.a.r...@gmail.com on 21 Oct 2014 at 10:49

GoogleCodeExporter commented 9 years ago
Guest registration is meant for short-lived accounts. In most cases there is no 
need to enforce such a password change.

By setting an extra, hidden, LDAP implementation dependent attribute you may 
force the user to change the password.

Original comment by menno.pi...@gmail.com on 21 Oct 2014 at 11:38

GoogleCodeExporter commented 9 years ago
Ok that's fair enough.

Original comment by markchal...@obanmultilingual.com on 21 Oct 2014 at 3:05