Current behaviour of the Helpdesk module:
The current implementation of the Helpdesk module allows a Helpdesk employee to
reset a User Password with a randomly generated Password. The randomly generated
Password is visible to the Helpdesk employee. The targetDN ends up with a
general e-mail that his/her password is changed.
Desired behaviour of the Helpdesk module:
My current security policy does not allow communicating any cleartext password
by wire (phone and/or e-mail). This makes the current implementation of the
Helpdesk module not a viable option in my situation. Therefore a couple of
enhancements are requested on this module:
- Don't make the random generated password visible to the Helpdesk employee
- E-mail/SMS a token to the targetDN which allows him/her to do a password
reset
In my opinion both enhancements make the PWM Helpdesk more secure.
Original issue reported on code.google.com by sebastia...@gmail.com on 9 Apr 2013 at 7:28