http://bugs.skolelinux.org/show_bug.cgi?id=1336
[email protected] changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected], hol...@layer- | |acht.org Status|RESOLVED |REOPENED Resolution|WONTFIX | ------- Comment #12 from [email protected] 2009-03-07 17:52 ------- I'm unsure what to do here. To summarize what happened: lwat 0.16-1 had a bug, which allowed that admins can change user-passwords. It was a bug, because the intended default behaviour was that admins couldnt do that, but lwat automatically generates one, which is unchangeable to the admin. In 0.16-1 the setting $allowPwSet in /etc/lwat/config.php was set to false. 0.16-1 was in our etch until February 19th 2009. lwat 0.17-1 silently (=without changelog entry) fixed that bug, so that it's (in the default configuration) not possible anymore, to change the passwords. http://bugs.skolelinux.org/1336 explains quite well, why teachers want to change passwords and why changing the default behaviour in a stable release update is bad. So what should be done now? I suppose the best is to revert the bug fix and allow the admin to change the password in any case, no matter what the config says. This will "just" lead to problems, when the config is respected in lenny. (And probably make upstream (hallo Finn-Arne :) somewhat unhappy.. :/ The proposed fix is to change line 1154 of lib/admin.php: -- pwgen(), ($allowPwSet ? "" : "readonly") ) ; ++ pwgen(), ("true") ) ; Comments? -- Configure bugmail: http://bugs.skolelinux.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
