A password expiration date would be a useful addition to OTRS (or the option to defer authentication to PAM, where we can already do that). If the password is expired, OTRS could force the password change on expiration, setting the field to zero would be "never expire". I like the PAM idea a lot better, though - that would permit this to work with any authentication method, and be a much more general solution to the problem.
From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf Of Gerald Young Sent: Monday, March 04, 2013 9:02 AM To: User questions and discussions about OTRS. Subject: Re: [otrs] How can I reset passwords for all customers? "I need to reset passwords to values that are later communicated to customers" I don't see how this is good security, especially since the passwords aren't forced to reset and you've now generated a list of passwords for all your users in plain text after a potential security breach. I realize you have to do what you have to do, but having the users reset their own password is (IMO) a safer tactic.
--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
