[Rt-devel] Need of Current Password

Jeff Voskamp jeff at voskamp.ca
Thu Jun 10 09:27:52 EDT 2010


On 06/10/2010 08:40 AM, Emmanuel Lacour wrote:
> Seems it is needed that people with right SuperUser or AdminUsers have to
> enter their current password to change the password of someone else ...
> this seems very unusual to me?
> (same problem with new user creation)
>    
It makes sure someone doesn't walk up to your PC and do something nasty 
when you're getting coffee. :-) Mind you, there are worse things they 
could do.  It also makes sure you don't accidentally change someone's 
password when updating their profile.
> Also, there seems to be a side effect with RT::Authen::ExternalAuth. If
> it's configured with both external and internal users, it is impossible
> for an external user with appropriate right to set a password for an
> internal user.
>    
It's probably only checking your internal password, which may or may not 
be set.

Jeff


More information about the rt-devel mailing list