| Previous · Next | |
| User | Message |
|
scslowik
|
Date: 3/16/2010 1:32 pm · Subject: Access/Return Password · Rating: 0
I would like to be able to access/return the password of the logged-in user. The User macro does not seem to return Passwords. Any suggestions are appreciated. --- (Edited on 3/16/2010 1:32 pm [GMT-0500] by scslowik) --- |
| Back to Top |
Rate [ | ]
|
|
perlDreamer
|
Date: 3/16/2010 10:53 pm · Subject: Re: Access/Return Password · Rating: 0
There is no way to send the user their password, it's a security feature. If a user loses their password, they should use the password recovery feature of WebGUI. It will need to be enabled in the Settings screen of the Admin Console. --- (Edited on 3/16/2010 8:53 pm [GMT-0700] by perlDreamer) --- |
| Back to Top |
Rate [ | ]
|
|
knowmad
|
Date: 3/17/2010 7:45 am · Subject: Re: Access/Return Password · Rating: 0
Colin, To play devil's advocate here, if WebGUI can send out an email to the user with their login information, why coudn't it also allow an admin to trigger this email? I use this feature of BasecampHQ all the time as our clients simply can't keep up with all their passwords. I find it far easier and more client-friendly than asking the client to go through the steps needed to trigger the reminder email.
William ---- --- (Edited on 3/17/2010 8:45 am [GMT-0400] by knowmad) --- |
| Back to Top |
Rate [ | ]
|
|
roryzweistra
|
Date: 3/17/2010 7:56 am · Subject: Re: Access/Return Password · Rating: 0
WebGUI doesn't send you the login information right? As far as I know WebGUI sends you an url where you can reset your password. Cheers, Rory On Mar 17, 2010, at 1:45 PM, <william@knowmad.com> wrote:
---------------------------------------------------------------------------------------------------------------------- Met vriendelijke groet / Kind regards, Rory Zweistra Rotterdamseweg 183 C 2629 HD Delft Nederland T: (+31) 015 750 10 98 F: (+31) 015 750 10 99 --- (Edited on 3/17/2010 7:56 am [GMT-0500] by roryzweistra) --- |
| Back to Top |
Rate [ | ]
|
|
knowmad
|
Date: 3/17/2010 8:22 am · Subject: Re: Access/Return Password · Rating: 0
Good point Rory, and looking back at the OP, I may have responded too quickly (still working on my first cup of coffee this AM). It appears he wants to display the password from the website. That's impossible as the password is encrypted. Still, having the ability to send out the password reminder email via the admin interface could be useful...
William ---- --- (Edited on 3/17/2010 9:22 am [GMT-0400] by knowmad) --- |
| Back to Top |
Rate [ | ]
|
|
roryzweistra
|
Date: 3/17/2010 8:41 am · Subject: Re: Access/Return Password · Rating: 0
Hey William, as it is around 2.30 pm I have to admit I had a fair amount of coffee :) I thought about it for a little while and came up with the following. ALTHOUGH I DON'T RECOMMEND IT!! What I think you can do is change the registration so it doesn't only create a password in the users table, but also a copy of the password in let's say a table you created yourself. in auth.pm you have a sub called createAccountSave. If I'm not mistaking the password here isn't encrypted yet. So you can write a simple sql statement here to inject it into that table along with userId or e-mail. But keep in mind that this hurts the privacy and security of your site. Rory On Mar 17, 2010, at 2:22 PM, <william@knowmad.com> wrote:
---------------------------------------------------------------------------------------------------------------------- Met vriendelijke groet / Kind regards, Rory Zweistra Rotterdamseweg 183 C 2629 HD Delft Nederland T: (+31) 015 750 10 98 F: (+31) 015 750 10 99 --- (Edited on 3/17/2010 8:41 am [GMT-0500] by roryzweistra) --- |
| Back to Top |
Rate [ | ]
|
|
knowmad
|
Date: 3/17/2010 8:47 am · Subject: Re: Access/Return Password · Rating: 0
Hey Rory, You need to lay off the caffeine. You're thinking too much ;) Actually, a similar thought crossed my mind but then I thought that I wouldn't recommend it so no need to post. My idea was to push the plaintext password into a custom user profile field (even worse than your plan to have a separate table).
William ---- --- (Edited on 3/17/2010 9:47 am [GMT-0400] by knowmad) --- |
| Back to Top |
Rate [ | ]
|
|
martien
|
Date: 3/17/2010 11:12 am · Subject: Re: Access/Return Password · Rating: 0
Good idea. Perhaps you give him unconditional mysql access rights to read it. ;)
But an admin, who really thinks of using unencrypted passwords could change Auth::WebGUI: sub hashPassword { --- (Edited on 17.03.2010 17:13 [GMT+0100] by martien) --- |
| Back to Top |
Rate [ | ]
|
|
scslowik
|
Date: 3/17/2010 11:56 am · Subject: Re: Access/Return Password · Rating: 0
Firstly, Thank you to everyone that replied to my original post. The WebGUI community is one of the best I have seen.
I understand the security concerns with respect to the method used for WebGUI password security and agree with the way that it is implemented.
Now, here is the reason for my original post: I am building a WebGUI installation that utilizes multiple WebGUI sites. I would like to use a single sign-on for all of the sites. I have installed an OpenLDAP server which takes care of the WebGUI authorization for all sites. I have followed the wiki entry titled "Auto Login to Remote Apps". Logins from the main site follow correctly to the others. The problem is that the admin needs to manually enter the password as a custom field in the profile of the main website. Is there a way to have the password returned/read so that it can be sent to the login of the other sites. It is preferred that the logged in user cannot have access to this field for security purposes (admin only). --- (Edited on 3/17/2010 11:56 am [GMT-0500] by scslowik) --- |
| Back to Top |
Rate [ | ]
|
|
knowmad
|
Date: 3/17/2010 3:40 pm · Subject: Re: Access/Return Password · Rating: 0
Maybe I misunderstand but why wouldn't you just use the LDAP authentication method in WebGUI? From my understanding, it can do automatic LDAP Registration against your LDAP server. ---- --- (Edited on 3/17/2010 4:40 pm [GMT-0400] by knowmad) --- |
| Back to Top |
Rate [ | ]
|
