[rt-users] auto-set and email random passwords for privileged users?

Ole Craig ocraig at stillsecure.com
Thu Aug 17 21:37:11 EDT 2006


(Running 3.6.0 with mysql on CentOS 4.3)

I would like to set up a system whereby existing privileged users with 
      * certain group membership(s), and 
      * blank passwords 

can log in to RT as follows: 
     1. they hit the main page, enter their email address (username) and
        a blank password. 
     2. RT generates a random password and sends it in an email to the
        user's email address (remember, this is a preexisting user, so
        we should have a valid email.)
     3. RT displays a page to the user explaining its actions.
     4. If the new password is not utilized within X minutes, RT
        re-blanks the password. (Alternatively, if the password is not
        used in X minutes, then the next time a login is attempted we
        loop back to step 2.)

Has anyone tried something like this? Care to share your experiences?
Also, can anyone spot any potential unintended consequences? (I'm
intending to limit the potential for damage by only enabling this for
users in a certain group, for which almost no privileges exist except
for SeeCustomField on RTFM articles.)

	Thanks,
		Ole
-- 
/Ole Craig
Security Engineer

303-381-3802 (main support hotline)
303-381-3824 (my direct line)
303-381-3801 (fax)

www.stillsecure.com
. . .
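
An added example, not part of the original post and not RT code: a minimal Python model of steps 1, 2 and 4 above, using the lazy-expiry alternative from step 4. The group name, the 15-minute value for X, the PBKDF2 storage and the send_mail callback are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 15 * 60            # the post's "X minutes"; 15 is an assumed value
ELIGIBLE_GROUP = "rtfm-readers"  # hypothetical name for the low-privilege group

class User:
    def __init__(self, email, groups):
        self.email = email
        self.groups = set(groups)
        self.pw_hash = None      # None models the blank password
        self.issued_at = None    # set only while a mailed password is unused

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def login(user, password, send_mail, now=None):
    """Return 'mailed', 'ok' or 'denied' for one login attempt."""
    now = time.time() if now is None else now
    # Step 4 (alternative form): a mailed password that was never used is
    # re-blanked lazily, the next time anyone attempts a login.
    if user.issued_at is not None and now - user.issued_at > TTL_SECONDS:
        user.pw_hash = None
        user.issued_at = None
    if user.pw_hash is None:
        # Steps 1-2: only a blank password from an eligible user triggers mail.
        if password != "" or ELIGIBLE_GROUP not in user.groups:
            return "denied"
        new_pw = secrets.token_urlsafe(12)   # CSPRNG, not random.random()
        salt = secrets.token_bytes(16)
        user.pw_hash = (salt, _hash(new_pw, salt))
        user.issued_at = now
        send_mail(user.email, new_pw)        # the plaintext exists only in the mail
        return "mailed"
    # A password is pending or established: a blank attempt fails here, so
    # repeated blank logins inside the window do not send further mail.
    salt, digest = user.pw_hash
    if hmac.compare_digest(_hash(password, salt), digest):
        user.issued_at = None                # used in time, so it no longer expires
        return "ok"
    return "denied"

if __name__ == "__main__":
    outbox = []                              # constructed stand-in for a mailer
    alice = User("alice@example.com", [ELIGIBLE_GROUP])
    print(login(alice, "", lambda to, pw: outbox.append((to, pw)), now=0))
    print(login(alice, outbox[0][1], lambda to, pw: None, now=60))
```

Because expiry is checked at login time, no scheduled job is needed to re-blank unused passwords.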


