imo, password fields must be filled if they have the * as mandatory
On 12/26/06, Jesse McConnell <[EMAIL PROTECTED]> wrote:
imo, yes :)
only the administrator has the ability to make those decisions and
they ought to be allowed to do it...
we restrict it already that users are not by default allowed to make
empty passwords but with a but of configuration they should be allowed
to not have passwords, if that is the admin's desire.
also, admins can make passwords that don't follow the password
conventions, but by default they are setup to be forced to make a
password that does conform on first login
jesse
On 12/26/06, Wendy Smoak <[EMAIL PROTECTED]> wrote:
> In 1.1-SNAPSHOT, on 'Create New User', I can create an account with no
> password, even though the two password fields have asterisks displayed
> next to them.
>
> If I then edit the user and uncheck the 'Change Password Next Login'
> box, the user can log in without a password.
>
> Should this be possible?
>
> --
> Wendy
>
--
jesse mcconnell
[EMAIL PROTECTED]
--
I could give you my word as a Spaniard.
No good. I've known too many Spaniards.
-- The Princess Bride
