Re: Password Change Form

[Grooms, Frederick W]

** Before we implemented the LDAP authentication we allowed users to change their own Remedy passwords.    We used the Password change routines from David Sanders available at http://www.buoyantsolutions.net/Download_Applications.html   Basically the idea is: On a Display Only form have them enter their password and push it to a form. Compare the value in the forms.  If they match ask for the new password.   On another note there is also the new Run Process of Application-Confirm-Password to look at as well.   Fred   From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Christopher Gillman Sent: Monday, November 06, 2006 5:04 PM To: arslist@ARSLIST.ORG Subject: Password Change Form ** Listers,   I am attempting to create a Password Change Form in ARS 6.3, and running into some difficulty. Basically I’m creating a Display-Only form where they first have to type in their current password, which needs to be validated. However, I realize that you can’t do this directly with the “Password” field on the ‘User’ Form (Field ID 102) as searches on this field aren’t allowed, AND the field is encrypted anyways.   With that said, I know you can copy or “push” the contents of the field to a separate Character Field, which displays the password in it’s encrypted format.   According to Remedy documentation I found at http://www.remedy.com/customers/dht/archive/03-15-2004.htm you can do the following:   “If your business logic requires that passwords by accessed by workflow – and you are confident that your system will not be attacked – you can save passwords when they are submitted or modified in the user shema. You can do this by copying the passwords into a character field with a filter fired when a user schema entry is submitted or modified. The new encrypt () and decrypt() functions allow you to perform this action without making the passwords visible. Since the passwords are stored as data in a character field (albeit encrypted), they are accessible via workflow like any other character field.”   When I looked up the encryt() and decrypt() functions, I noticed that they require two parameters. 1) the Field you wish to decrypt, and 2) the decryption key. So my question is, if this is something that Remedy says is possible, why can’t I find the key anywhere that’s necessary to do this? I know this is possible, because I ran across a website that developed this sort of an application. http://service-it-remedy.web.cern.ch/service-it-remedy/FAQ/PW.html   The pictures depict the “Current password” box…. Support told me on the phone they didn’t know what I was talking about. Any ideas?   Chris Gillman generationE Technologies -- Internal Virus Database is out-of-date. Checked by AVG Free Edition. __20060125_______________________This posting was submitted with HTML in it___ __20060125_______________________This posting was submitted with HTML in it___