Open Bug 454358 Opened 16 years ago Updated 9 years ago

support configurable password reset policies

Categories

(Bugzilla :: Administration, task, P5)

People

(Reporter: timeless, Unassigned)

Details

I'd like Bugzilla to support a couple of password reset policies with each user being able to select a policy*:

1. current (user can reset by token)
2. disabled (user can refuse to allow password resets via web service) - ideally all attempts to trigger a reset should result in a pager request to an admin

3. It should be possible to specify a default reset policy based on group membership. If multiple groups specify a policy, the strongest one should win by default.
4. Groups should be able to specify preferred and disallowed, so a group may specify that a certain policy must not be used for anyone in a group.
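The resolution rules requested above (per-user choice, group defaults, strongest wins, group-level disallow), sketched as an added example that is not part of the bug report or of Bugzilla's code. The `Group` structure, the function name, the ranking of "disabled" above "token", and the rule that a permitted user choice overrides group defaults are all assumptions.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional, Tuple

# The two policies named in the request. Ranking "disabled" as stronger than
# "token" is an assumption; the request only says the strongest should win.
STRENGTH = {"token": 0, "disabled": 1}


@dataclass(frozen=True)
class Group:  # hypothetical structure, not a Bugzilla class
    name: str
    preferred: Optional[str] = None           # default policy for members
    disallowed: FrozenSet[str] = frozenset()  # policies members must not use


def resolve_policy(user_choice: Optional[str],
                   groups: Iterable[Group]) -> Tuple[str, str]:
    """Return (policy, source) for one user; source says which rule decided."""
    groups = list(groups)
    if user_choice is not None and user_choice not in STRENGTH:
        raise ValueError(f"unknown policy: {user_choice!r}")
    # A policy disallowed by any one group is off the table for the user.
    banned = set().union(*(g.disallowed for g in groups))
    allowed = [p for p in STRENGTH if p not in banned]
    if not allowed:
        # Group rules contradict each other; surface it instead of guessing.
        raise ValueError("every policy is disallowed for this user")
    if user_choice in allowed:
        return user_choice, "user"
    # Otherwise take the strongest permitted group default.
    defaults = [g.preferred for g in groups if g.preferred in allowed]
    if defaults:
        return max(defaults, key=STRENGTH.__getitem__), "group"
    # No usable preference: keep the current behaviour ("token") if it is
    # permitted, else the weakest policy that is still allowed.
    return min(allowed, key=STRENGTH.__getitem__), "fallback"


# Constructed sample groups for illustration.
STAFF = Group("staff", preferred="token")
ADMINS = Group("admins", preferred="disabled", disallowed=frozenset({"token"}))

if __name__ == "__main__":
    print(resolve_policy(None, [STAFF]))             # group default applies
    print(resolve_policy("token", [STAFF, ADMINS]))  # choice is disallowed
```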
Priority: -- → P5
Per my discussion with timeless on IRC, what he wants is the ability to prevent the "forgot my password" email from being sent unencrypted through the web. In this case, a better fix is to use the GPG key to encrypt the email before sending it.

I don't think we will implement such policies.
I think encrypted reset emails are the right way to go here.

Gerv