[rt-users] Building Upon the Concept from AutogeneratedPasswo rd (fwd)

doogles at doogles.com doogles at doogles.com
Thu Feb 16 20:23:31 EST 2006


Steven--

Hrm, is there any authentication to this?  I'm thinking something like the 
e-commerce folks use, email out a big long string that needs to be passed 
back to the server.  If you don't really have access to that email 
address, you can't change the password.  If you do, then you click the 
link and are given the option to reset your password.

What do you think?

-jd

On Thu, 16 Feb 2006, Steven Platt wrote:

> Hi jd,
>
> We've recently implemented a PHP driven password reminder system for our
> self-service users. They enter an e-mail address which is checked against
> the DB (we use postgres8). Valid addresses get login details e-mailed back
> out to the supplied address.
> http://www.hpa-bioinfosupport.org.uk/RT/
>
> AFAIK it's not possible to easily backtrack from an MD5 encrypted string, so
> our system involves resetting the password to a standard pattern within the
> system. Resetting the password seems to be the best way, but I'm prepared
> (and expecting) to be corrected.
>
> Steve
>
> Steve Platt
> Bioinformatics Support Co-ordinator
> Bioinformatics Unit: Statistics, Modelling & Bioinformatics Department
> Center for Infections
> Health Protection Agency
> 61 Colindale Avenue
> London
> UK
> NW9 5EQ
> http://www.hpa.org.uk/srmd/bioinformatics/index.htm
>
> -----Original Message-----
> From: rt-users-bounces at lists.bestpractical.com
> [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of
> doogles at doogles.com
> Sent: Thursday,16 February 2006 02:20
> To: rt-users at lists.fsck.com
> Subject: [rt-users] Building Upon the Concept from AutogeneratedPassword
> (fwd)
>
> It occured to me that the passwords are encrypted in the database, which
> is likely the reason this isn't trivial.  Is the password encryption
> one-way?  Is this something I could turn off?
>
> The customers we have using RT love the SelfService interface, but as I
> mentioned, they tend to forget their password.  Has anyone else done up
> something like a "Forgot password, send me a new one"-type functionality
> that they would be willing to share?  This has become quite an
> administration headache for me.
>
> -jd
>
> ---------- Forwarded message ----------
> Date: Mon, 13 Feb 2006 05:46:37 -0500 (EST)
> From: doogles at doogles.com
> To: rt-users at lists.fsck.com
> Subject: [rt-users] Building Upon the Concept from AutogeneratedPassword
>
> RT Users--
>
> (I'm running RT 3.4.5.)
>
> I recently modified my Autocreate templates to include the logic suggested
> in
> the AutogeneratedPassword page in the BestPractical wiki.  This works well.
> However, my user base has a usage pattern which has them interfacing with RT
>
> "once and awhile", and they tend to forget what their password is.
>
> I would like to build upon the AutogeneratedPassword template to email
> username/password every time they open up a ticket.
>
> I tried a couple of different things without success.  Would anyone care to
> suggest the 'right' way to accomplish this?  I would be happy to update the
> Wiki after I successfully implement this.
>
> Thanks!,
> -jd
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Be sure to check out the RT Wiki at http://wiki.bestpractical.com
>
> Download a free sample chapter of RT Essentials from O'Reilly Media at
> http://rtbook.bestpractical.com
>
> WE'RE COMING TO YOUR TOWN SOON - RT Training in Amsterdam, Boston and
> San Francisco - Find out more at
> http://bestpractical.com/services/training.html
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Be sure to check out the RT Wiki at http://wiki.bestpractical.com
>
> Download a free sample chapter of RT Essentials from O'Reilly Media at
> http://rtbook.bestpractical.com
>
> WE'RE COMING TO YOUR TOWN SOON - RT Training in Amsterdam, Boston and
> San Francisco - Find out more at
> http://bestpractical.com/services/training.html
>
> -----------------------------------------
> ***********************************************************************
> ***
> The information contained in the EMail and any attachments is
> confidential and intended solely and for the attention and use of the
> named addressee(s). It may not be disclosed to any other person without
> the express authority of the HPA, or the intended recipient, or both.
> If you are not the intended recipient, you must not disclose, copy,
> distribute or retain this message or any part of it. This footnote also
> confirms that this EMail has been swept for computer viruses, but
> please re-sweep any attachments before opening or saving.
> HTTP://www.HPA.org.uk *************************************************
> *************************
>



More information about the rt-users mailing list