On 26 Dec 06, at 10:58 AM 26 Dec 06, Jesse McConnell wrote:

imo, yes :)

only the administrator has the ability to make those decisions and
they ought to be allowed to do it...


Definitely, as it might be used in a small group, in an already secure environment. Assume the driver has a brain.

Jason.

we restrict it already that users are not by default allowed to make
empty passwords but with a but of configuration they should be allowed
to not have passwords, if that is the admin's desire.

also, admins can make passwords that don't follow the password
conventions, but by default they are setup to be forced to make a
password that does conform on first login

jesse

On 12/26/06, Wendy Smoak <[EMAIL PROTECTED]> wrote:
In 1.1-SNAPSHOT, on 'Create New User', I can create an account with no password, even though the two password fields have asterisks displayed
next to them.

If I then edit the user and uncheck the 'Change Password Next Login'
box, the user can log in without a password.

Should this be possible?

--
Wendy



--
jesse mcconnell
[EMAIL PROTECTED]


Reply via email to