In fact, I saw this error on ACS4.2, but never try to fix it. I did use the send password by email before user could enter the site. I had to modify some pages because he should be logged out to be forced to log in back when receiving the password. I could find what I did if someone request it.