On July 23, 2015 3:53:34 PM CEST, Mads Kiilerich <[email protected]> wrote: >On 07/19/2015 03:35 PM, Andrew Shadura wrote: >> # HG changeset patch >> # User Andrew Shadura <[email protected]> >> # Date 1431821238 -7200 >> # Sun May 17 02:07:18 2015 +0200 >> # Node ID 98cb64feddfb89f106f66763462061fd2ca3f412 >> # Parent f103b1a2383bc4fba5d28f9732ba832025e3bf00 >> secure password reset implementation > >A couple of other things: > >It should make sure it doesn't go too far with changing passwords when >using external authentication (but also not reveal too much information > >too early). (I guess it would be nice if each authentication module had > >a customizable "tell the user how to change the password" string...)
Related to this, ldap users currently (without patch, I haven't checked with) see a password reset link that actually sends a mail but without effect on the password. This is confusing and wrong. _______________________________________________ kallithea-general mailing list [email protected] http://lists.sfconservancy.org/mailman/listinfo/kallithea-general
