directory-users mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Approach for reset password of an expired account
Date Sat, 24 May 2014 16:37:11 GMT
On Sat, May 24, 2014 at 2:47 AM, Sathya S <sathya.skr.75@gmail.com> wrote:

> I am trying to enable a flow where users of a web site can reset their
> passwords when it has expired. I have enabled the maxAge configuration to
> make the password expire after 10 days. This works well and I get an expiry
> error. When I get this, I redirect the user to a change-password page where
> they need to enter the old and new passwords.
>
> I am now stuck at how to verify the old password! If I try to bind using
> the user's credentials, I get a password expiry error regardless of whether
> the password I provide is right or not. I know there is an Admin user - can
> I use it somehow to check the correctness of a user password even after it's
> expired so that I can then change it to the new one?
>

The way to do this is:

1. get the password from the user entry (search this as admin)
2. use the compareCredentials() method of the PasswordUtil class to verify the
given credentials

> Thanks.
>



-- 
Kiran Ayyagari
http://keydap.com
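
The two steps in the reply above, written out with the Apache Directory LDAP API as an added example (not code from the original message or from the ApacheDS project). The host, port, admin DN, the `LDAP_ADMIN_PW` environment variable and the class and method names are assumptions for illustration.

```java
import java.nio.charset.StandardCharsets;
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.DefaultModification;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.ModificationOperation;
import org.apache.directory.api.ldap.model.password.PasswordUtil;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

public class ExpiredPasswordReset {
    // Assumed deployment values; replace with your own.
    static final String HOST = "localhost";
    static final int PORT = 10389;
    static final String ADMIN_DN = "uid=admin,ou=system";

    /**
     * Verifies oldPassword against the stored userPassword value and, only if it
     * matches, replaces it with newPassword. Returns false for both "no such user"
     * and "wrong password" so the caller cannot be used to enumerate accounts.
     */
    public static boolean resetExpiredPassword(String userDn, String oldPassword,
                                               String newPassword) throws Exception {
        // The admin and new passwords cross this connection: protect it with TLS.
        try (LdapConnection admin = new LdapNetworkConnection(HOST, PORT)) {
            admin.bind(ADMIN_DN, System.getenv("LDAP_ADMIN_PW"));

            // Step 1: read the stored password as admin (a bind as the user
            // would fail with the expiry error described in the question).
            Entry entry = admin.lookup(userDn, "userPassword");
            Attribute stored = (entry == null) ? null : entry.get("userPassword");
            if (stored == null) {
                return false;
            }

            // Step 2: compare locally; the stored value may be hashed
            // (for example with an {SSHA} prefix) and compareCredentials handles that.
            byte[] supplied = oldPassword.getBytes(StandardCharsets.UTF_8);
            if (!PasswordUtil.compareCredentials(supplied, stored.getBytes())) {
                return false;
            }

            // Old password verified: write the new one.
            admin.modify(userDn, new DefaultModification(
                    ModificationOperation.REPLACE_ATTRIBUTE, "userPassword", newPassword));
            return true;
        }
    }
}
```

Because the comparison happens in the web application rather than through a bind, the application should apply its own attempt limiting to this endpoint.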
