(Running 3.6.0 with mysql on CentOS 4.3)
I would like to set up a system whereby existing privileged users with
* certain group membership(s), and
* blank passwords
can login to RT as follows:
1. they hit the main page, enter their email address (username) and
a blank password.
2. RT generates a random password and sends it in an email to the
user’s email address (remember, this is a preexisting user, so
we should have a valid email.)
3. RT displays a page to the user explaining its actions.
4. If the new password is not utilized within X minutes, RT
re-blanks the password. (Alternatively, if the password is not
used in X minutes, then the next time a login is attempted we
loop back to step 2.)
Has anyone tried something like this? Care to share your experiences?
Also, can anyone spot any potential unintended consequences? (I’m
intending to limit the potential for damage by only enabling this for
users in a certain group, for which almost no privileges exist except
for SeeCustomField on RTFM articles.)
Thanks,
Ole
/Ole Craig
Security Engineer
303-381-3802 (main support hotline)
303-381-3824 (my direct line)
303-381-3801 (fax)
www.stillsecure.com
. . .