Re: [cpx] Wishlist: forgotten password

[Rus Berrett <rberrett@xxxxxxxxx>]

On Fri, Apr 22, 2005 at 03:14:56PM -0500, Rae French wrote:
>
> Subject: Re: [cpx] Wishlist: forgotten password
>
> Then how about a script-generated one that would overwrite the existing 
> one? At this point, there isn't anyway for the user to access their account 
> without our intervention if they forgot their password.
> 
> Best wishes,
> Rae

How does CPX interact with a user that can't authenticate without
opening up possibilities for security exploits?  It seems the safe bet
here is just to have your EU password reset by an authenticated DA or
SA.  no?

--rus.




> 
> At 08:58 AM 4/22/2005, Scott Wiersdorf wrote:
> >Probably not. We don't store the passwords in plaintext anywhere,
> >which is standard on Unix.
> >
> >Having said that, I could forsee an option sometime where the server
> >or domain admin would allow plaintext storage for later retrieval, but
> >this is a significant enhancement.

-- 
========================================================================
Rus Berrett                                                    NTT/Verio
                 See Perl. See Perl Run. Run Perl, Run!

======================================================================
This is <cpx@xxxxxxxxxxxxx>      <http://www.groupmail.org/lists/cpx/>
Before posting a question, please search the archives (see above URL).