Potential Bug: Security Enhanced Manager (forced password change)

 
1
0
-1

Hi guys,

I am using the enhanced security directory manager.

In v6 beta 2 new users are still required to change their password - even though I deactivated this in the settings. I thought it is a bug - however, I add users through a series of sql statements and may be missing a db field controlling this?

Cheers,

Eric

    CommentAdd your comment...

    1 answer

    1.  
      2
      1
      0

      Hi, I think it depends on how you added the passwords in your SQL. If you added MD5 passwords, then when using the Security Enhanced Directory Manager it will prompt a change of password because it's using a stronger encryption according to Improved Password Storage.

      1. Eric

        Thanks - I adapted a Joget example app - so it might only be md5. Maybe sending out one time passwords for the initial registration is better anyway since it means they have to have access to that email address.

      CommentAdd your comment...