Hi randy,
I've checked it.
There is no this issue(Password must be change at next logon on) for
the j2 bundled ldap authentication provider, cause it still didn't
support this function yet. Sorry for the mess-up in my previous email.
The reason why I mess all these things up is that I implement all the
security handlers and dao which based on Default database based
authentication provider. But I do insist
that J2 should support configuration of "change required at next
logon", "enabled" and "expired"(maybe) for the default authentication
provider.
- James Liao
On 9/2/05, James Liao <[EMAIL PROTECTED]> wrote:
> Hi randy,
> Thanks for your response and thanks for J2 dev team. I'll check it out
> later! If it didn't change, I am thinking about fire a improvement
> issue in Jira.
>
> - James Liao
>
> On 9/2/05, Randy Watler <[EMAIL PROTECTED]> wrote:
> > James,
> >
> > I know the dev team is aware of this issue, that is why I think it has
> > been addressed in M4 to some degree: the admin servlet seems to have the
> > default unchecked now.
> >
> > Please let me know if the M4 admin portlet is still forcing the users to
> > change their passwords. I cannot speak authoratively on the LDAP
> > integration behavior, sorry.
> >
> > Randy
> >
> > James Liao wrote:
> >
> > >Hi Randy,
> > >One more thing, if I just config an exist ldap server as the only one
> > >or one of the authentication providers. All the ldap users are forced
> > >to change their password. Well, yes, as you mention below, the
> > >administrator could change them in user detail portlet, but if there
> > >are hundreds of ldap users, then it is unacceptable.
> > >
> > >Hope I'm wrong, cause I just test that in j2-m3.
> > >
> > >- James Liao
> > >
> > >On 9/1/05, James Liao <[EMAIL PROTECTED]> wrote:
> > >
> > >
> > >>Hi randy,
> > >>Thanks for responseding!
> > >>I think what we need is when we create a new user, the "change
> > >>required at next logon" check box could be config if it is checked or
> > >>not. Now the default is checked. There is no way to config it.
> > >>
> > >>- James Liao
> > >>
> > >>On 9/1/05, Randy Watler <[EMAIL PROTECTED]> wrote:
> > >>
> > >>
> > >>>Guys,
> > >>>
> > >>>I am not totally sure, but it appears that it is no longer the default
> > >>>for new users to be required to change their passwords in M4/svn HEAD...
> > >>>in any case, there is a checkbox option under the password tab that
> > >>>allows the admin to choose the policy per account.
> > >>>
> > >>>I do recall some issue with the hsqldb and password expiration... is
> > >>>that possibly the issue here?
> > >>>
> > >>>Randy
> > >>>
> > >>>James Liao wrote:
> > >>>
> > >>>
> > >>>
> > >>>>Well, I just rewrite a method named getPasswordCredential in class
> > >>>>DefaultCredentialHandler.
> > >>>>
> > >>>>try {
> > >>>> //
> > >>>> // FIXME A bad way to ignore credential's
> > >>>>update required modification from ipcInterceptor_.afterLoad()
> > >>>> // J2 should let portal administrator to
> > >>>>determine if a user first time log into portal must change
> > >>>> // their password immediately. This
> > >>>>function should be implement in
> > >>>>InternalPasswordCredentialStateHandlingInterceptor.afterLoad().
> > >>>> //
> > >>>> //
> > >>>> boolean hack =
> > >>>>credential.isUpdateRequired(); // Save the update required status.
> > >>>> if ( ipcInterceptor_ != null &&
> > >>>>ipcInterceptor_.afterLoad(pcProvider_, username, credential) ) {
> > >>>> //
> > >>>> // update InternalUserPrincipal to
> > >>>>save post processed data
> > >>>> //
> > >>>> credential.setUpdateRequired(hack); //
> > >>>>Set it back to ignore the change in above afterLoad method.
> > >>>>
> > >>>>securityAccess_.setInternalUserPrincipal(internalUser,internalUser.isMappingOnly());
> > >>>> }
> > >>>> break;
> > >>>> } catch (SecurityException e) {
> > >>>>
> > >>>>LOG.error(ResourceBundleUtils.getString(BUNDLE,
> > >>>>"BwLdapCredentialHandler.FailToLoadCredential", credential), e); //
> > >>>>NOI18N
> > >>>> }
> > >>>>
> > >>>>I do think it is not a good solution for this problem, I hope j2 team
> > >>>>could provide this functionality,
> > >>>>- James Liao
> > >>>>
> > >>>>On 9/1/05, James Dixon <[EMAIL PROTECTED]> wrote:
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>>Thanks James
> > >>>>>
> > >>>>>I've had a bit of a look at that DefaultCredentialHandler. I haven't
> > >>>>>had
> > >>>>>to plumb the depths of the Jetspeed Source Code too much yet, and so
> > >>>>>it was
> > >>>>>fairly unfamiliar to me - could you provide some more details of the
> > >>>>>hack ?
> > >>>>>
> > >>>>>Cheers
> > >>>>>
> > >>>>>James
> > >>>>>-----Original Message-----
> > >>>>>From: James Liao [mailto:[EMAIL PROTECTED]
> > >>>>>Sent: Thursday, 1 September 2005 10:57 AM
> > >>>>>To: Jetspeed Users List
> > >>>>>Subject: Re: Turn off 'change required at next logon' - an easy one??
> > >>>>>
> > >>>>>Hi james,
> > >>>>>I am also interested in this. But it seems that there is no way to
> > >>>>>turn it
> > >>>>>off in spring configuration file. So I just hack it in class:
> > >>>>>DefaultCredentialHandler.
> > >>>>>
> > >>>>>regards,
> > >>>>>
> > >>>>>-James Liao
> > >>>>>
> > >>>>>On 9/1/05, James Dixon <[EMAIL PROTECTED]> wrote:
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>>An easy one, I hope.
> > >>>>>>
> > >>>>>>The default setting when you create a new user through the jetspeed
> > >>>>>>administrative portlet is for the user to change their password at
> > >>>>>>next login. As we will be importing existing passwords, we will not
> > >>>>>>want to do that. Can I turn off this setting so that users do not
> > >>>>>>have to change their password the first time they log in? If so,
> > >>>>>>where is the parameter found? - I couldn't see it in
> > >>>>>>security-spi-atn.xml.
> > >>>>>>
> > >>>>>>Thanks
> > >>>>>>
> > >>>>>>James
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>---------------------------------------------------------------------
> > >>>>>To unsubscribe, e-mail: [EMAIL PROTECTED]
> > >>>>>For additional commands, e-mail: [EMAIL PROTECTED]
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>---------------------------------------------------------------------
> > >>>>>To unsubscribe, e-mail: [EMAIL PROTECTED]
> > >>>>>For additional commands, e-mail: [EMAIL PROTECTED]
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>---------------------------------------------------------------------
> > >>>>To unsubscribe, e-mail: [EMAIL PROTECTED]
> > >>>>For additional commands, e-mail: [EMAIL PROTECTED]
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>
> > >>>---------------------------------------------------------------------
> > >>>To unsubscribe, e-mail: [EMAIL PROTECTED]
> > >>>For additional commands, e-mail: [EMAIL PROTECTED]
> > >>>
> > >>>
> > >>>
> > >>>
> > >
> > >---------------------------------------------------------------------
> > >To unsubscribe, e-mail: [EMAIL PROTECTED]
> > >For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
