Project

General

Profile

Feature #43930

mgr/dashboard: Make user creation with password change on logon easier

Added by Stephan Müller 2 months ago. Updated 5 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
dashboard/usermgmt
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Reviewed:
Affected Versions:
Pull request ID:

Description

After #24655 has been resolved, I can create a new user without a password an check "User must change password at next logon".

But I can't click the logon button without typing a password, but the user has no password as it should be set on next logon.

There are 3 ways to solve this:
1. Enable logon without a password
2. Enable passwords without password rule if the user has to change his PW anyway on his first logon according to the rules.
3. Button to automatically generate a password that complies with the rules and copy into to the clipboard.

History

#1 Updated by Volker Theile 2 months ago

Keep the password policies in mind. This might make this issue a little bit more complicated.

#2 Updated by Tatjana Dehler 2 months ago

I do have a question... maybe it's a dump one: what's the purpose of creating an user without password? - I thought it's only used for SSO?

#3 Updated by Stephan Müller about 2 months ago

If you just check "User must change password at next logon" you might be attempted to create a user with no password with the idea in mind that the new user can logon to the password change dialog in order to set his password, and you are allowed to create a user without a password, but you can't login.

#4 Updated by Lenz Grimmer 5 days ago

  • Tags set to administration
  • Target version deleted (v15.0.0)

#5 Updated by Tatjana Dehler 5 days ago

Stephan Müller wrote:

If you just check "User must change password at next logon" you might be attempted to create a user with no password with the idea in mind that the new user can logon to the password change dialog in order to set his password, and you are allowed to create a user without a password, but you can't login.

I think that's a combination of two different use cases. I don't think it was intentional to create a user without a password and forcing him to change the password at the next login. The possibility to create users without passwords serves the SSO use case. In my opinion this issue should be fixed by disabling the "User must change password at next logon" checkbox as long as no password has been set.

Also available in: Atom PDF