powered by Jive Software

Resetting passwords

I’ve searched high and low for a good way to do password recovery/reset for openfire. See, I initially figured I could write a simple PHP page to hit the user database and do what I needed to, BUT this is much harder than expected due to the obscure passwording scheme used in openfire.

So here is my question:

What is the easiest way to provide password reset/recovery to an end user? Has anyone done something similar?

Thanks in advance,

Aaron

Hi Aaron,

did you take a look at http://www.igniterealtime.org/projects/openfire/plugins/userservice/readme.html ?

You still need to build something around that if you want to allow a user to reset it’s password.

So if you have the option to use AD/LDAP for auth you may want to do this, as you may have also tools for AD/LDAP password reset.

LG

The only problem with that solution is that it doesn’t auth against the current password.

For instance, if user “joe” comes along to some HTML form that posts to the user service, he can put in any username and any password, and it will reset it.

I can’t seem to verify that this really is the user - that “joe” is really joe.

I guess, I may have been unclear: I’m talking about resetting AND changing as one function to the end user.

Hi,

that’s indeed a problem if you make this service available for every user and not only for the help desk.

But how should “Joe” identify itself if he did forget the password?

Maybe one wants to add a “get” function to the user service plugin to retrieve the email address and the online state. So you could send an email to “Joe” with the new password. And one could make sure that “Joe” is offline while changing the password.

In a LAN this may be possible, you could log the IP address and identify one if the service gets abused. But in the internet you may want to add a question with a secret answer somewhere, likely not in Openfire.

LG