PAM should already work via external authentication, but is impractical in Bogdan's situation where there is zero email or multiple users for one email address and there is no way to notify nor provide an individual customer user how to change her password securely and easily.

Since it appears contact needs to be made manually anyway, it seems practical to change the passwords over the phone on demand.


On Mon, Mar 4, 2013 at 11:48 AM, David Boyes <dboyes@sinenomine.net> wrote:

A password expiration date would be a useful addition to OTRS (or the option to defer authentication to PAM, where we can already do that). If the password is expired, OTRS could force the password change on expiration, setting the field to zero would be “never expire”.

I like the PAM idea a lot better, though – that would permit this to work with any authentication method, and be a much more general solution to the problem.

 

From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Gerald Young
Sent: Monday, March 04, 2013 9:02 AM
To: User questions and discussions about OTRS.
Subject: Re: [otrs] How can I reset passwords for all customers?

 

"I need to reset passwords to values that are later communicated to customers"

I don't see how this is good security, especially since the passwords aren't forced to reset and you've now generated a list of passwords for all your users in plain text after a potential security breach. 

 

I realize you have to do what you have to do, but having the users reset their own password is (IMO) a safer tactic.


---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs