Forum OpenACS Q&A: Recover password doesn't allow 'CanRetrieve' in 'local' authority

1: Recover password doesn't allow 'CanRetrieve' in 'local' authority

Posted by Juanjo Ruiz on 07/20/04 12:54 PM

Hi,

My question is about the way the system sends you an email after hitting the 'Forgot your password' link in the main login page. I would like the system sends the actual password of the user instead the automatic generation of a new one.

I thought it would be a parameter in acs-subsite like 'RegistrationProvidesRandomPasswordP' but I didn't find it. I've seen the call to 'auth::password::recover_password' but since I've never used before the authentication package I don't know what can I do. Must I create a new service 'CanRetrieve' for the 'local' authority which return 'yes' and the old password or merely update my openACS version or...

system configuration:
-5.x openACS with acs-subsite 5.0.0b4, acs-kernel 5.0.0a5 and acs-authentication 5.0a3.
-AOLserver 4.0 for windows
-Oracle 9i

thanks in advance.

2: Re: Recover password doesn't allow 'CanRetrieve' in 'local' authority (response to 1)

Posted by Juanjo Ruiz on 07/20/04 02:09 PM

I realize now that you cannot retrieve the password because it's encrypted in the database, then my question would be:
Is it possible to work with unencrypted passwords, saving the plain password in the database, without rewriting the existing code?

3: Re: Recover password doesn't allow 'CanRetrieve' in 'local' authority (response to 1)

Posted by Rocael Hernández Rizzardini on 07/20/04 04:44 PM

Yes, change:
ad_check_password
ad_change_password
ad_user_new

and change to not use ns_passwd encription any more ....
though, store plain text passwd is not the best option.