(Running 3.6.0 with mysql on CentOS 4.3)

I would like to set up a system whereby existing privileged users with

* certain group membership(s), and
* blank passwords

can login to RT as follows:

1. they hit the main page, enter their email address (username) and a blank password.
2. RT generates a random password and sends it in an email to the user's email address (remember, this is a preexisting user, so we should have a valid email.)
3. RT displays a page to the user explaining its actions.
4. If the new password is not utilized within X minutes, RT re-blanks the password. (Alternatively, if the password is not used in X minutes, then the next time a login is attempted we loop back to step 2.)

Has anyone tried something like this? Care to share your experiences? Also, can anyone spot any potential unintended consequences? (I'm intending to limit the potential for damage by only enabling this for users in a certain group, for which almost no privileges exist except for SeeCustomField on RTFM articles.)

Thanks,
Ole

--
/Ole Craig
Security Engineer
303-381-3802 (main support hotline)
303-381-3824 (my direct line)
303-381-3801 (fax)
www.stillsecure.com
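
The four-step flow from the message above, modelled as an added example; it is not part of the original post and it is not RT code. The group name, the 15-minute value for X, and the `User`, `login` and `send_mail` names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 15 * 60            # the post's "X minutes"; 15 is an assumed value
ELIGIBLE_GROUP = "rtfm-readers"  # hypothetical name for the restricted group

class User:
    def __init__(self, email, groups):
        self.email, self.groups = email, set(groups)
        self.pw_hash = None      # None models the blank password
        self.issued_at = None    # when the current random password was mailed
        self.used = False        # True once that password has logged in

def digest(password):
    # Sketch only: the password is random and high-entropy, so a plain digest is stored.
    return hashlib.sha256(password.encode()).digest()

def login(users, email, password, send_mail, now=None):
    """Handle one login attempt; returns 'mailed', 'ok' or 'denied'."""
    now = time.time() if now is None else now
    user = users.get(email)
    # Only pre-existing users in the designated group take part in the flow.
    if user is None or ELIGIBLE_GROUP not in user.groups:
        return "denied"
    # Step 4, lazy variant: an unused password older than X is re-blanked
    # at the next attempt, which then falls through to step 2.
    if user.pw_hash and not user.used and now - user.issued_at > TTL_SECONDS:
        user.pw_hash = user.issued_at = None
    if user.pw_hash is None:
        if password != "":
            return "denied"
        # Step 2: generate a random password and mail it to the address on file.
        temp = secrets.token_urlsafe(12)
        user.pw_hash, user.issued_at, user.used = digest(temp), now, False
        send_mail(user.email, temp)
        return "mailed"          # step 3: caller shows the explanation page
    # A password is pending or in use: blank attempts no longer trigger mail,
    # so repeated blank logins cannot flood the user's inbox within X minutes.
    if hmac.compare_digest(user.pw_hash, digest(password)):
        user.used = True
        return "ok"
    return "denied"
```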