imo, yes :) only the administrator has the ability to make those decisions and they ought to be allowed to do it...
we restrict it already that users are not by default allowed to make empty passwords but with a but of configuration they should be allowed to not have passwords, if that is the admin's desire. also, admins can make passwords that don't follow the password conventions, but by default they are setup to be forced to make a password that does conform on first login jesse On 12/26/06, Wendy Smoak <[EMAIL PROTECTED]> wrote:
In 1.1-SNAPSHOT, on 'Create New User', I can create an account with no password, even though the two password fields have asterisks displayed next to them. If I then edit the user and uncheck the 'Change Password Next Login' box, the user can log in without a password. Should this be possible? -- Wendy
-- jesse mcconnell [EMAIL PROTECTED]
