reset the customer_user's password in two databases
I am using my own application software for maintaing customer accounts. customer_user table contain the information of the customer like login, password etc. But now i am using otrs along with it. it uses its own table for customer information (as in its own customer_user table) I want to maintain both tables. But the problem is that when a customer request for new password, at that time otrs application automatically generates a password and send it to the user by email. I want to change password acc. to OTRS in my own applicaion database table customer_user . But the password stored in OTRS is in Crypted form and in my own database it is in its actual form. i want the password in its actual form as well as automatically change in my own database. i dont have any idea about perl. please anyone provide me the solution of this problem. thanks in advance -- Regards Arvind
Arvind Kumar wrote:
I am using my own application software for maintaing customer accounts. customer_user table contain the information of the customer like login, password etc. But now i am using otrs along with it. it uses its own table for customer information (as in its own customer_user table) I want to maintain both tables. But the problem is that when a customer request for new password, at that time otrs application automatically generates a password and send it to the user by email. I want to change password acc. to OTRS in my own applicaion database table customer_user . But the password stored in OTRS is in Crypted form and in my own database it is in its actual form. i want the password in its actual form as well as automatically change in my own database. i dont have any idea about perl. please anyone provide me the solution of this problem.
I think you'll have to change your own software to use OTRS's encrypted password column. That way you only have one password field for both apps, so no problems with passwords getting out of sync. Nils Breunese.
Sir, I am agree with you, but sometime I need the password of customer to
rectify their problem.
And for that I need it in original form not in encryped form. please
suggest me that how can i get the password in its original form.
Arvind
On 8/26/06, Nils Breunese (Lemonbit Internet)
Arvind Kumar wrote:
I am using my own application software for maintaing customer accounts. customer_user table contain the information of the customer like login, password etc. But now i am using otrs along with it. it uses its own table for customer information (as in its own customer_user table) I want to maintain both tables. But the problem is that when a customer request for new password, at that time otrs application automatically generates a password and send it to the user by email. I want to change password acc. to OTRS in my own applicaion database table customer_user . But the password stored in OTRS is in Crypted form and in my own database it is in its actual form. i want the password in its actual form as well as automatically change in my own database. i dont have any idea about perl. please anyone provide me the solution of this problem.
I think you'll have to change your own software to use OTRS's encrypted password column. That way you only have one password field for both apps, so no problems with passwords getting out of sync.
Nils Breunese. _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support orr consulting for your OTRS system? => http://www.otrs.com/
-- Regards Arvind
Arvind Kumar wrote:
Sir, I am agree with you, but sometime I need the password of customer to rectify their problem. And for that I need it in original form not in encryped form. please suggest me that how can i get the password in its original form.
You can't. Hashing functions are meant to be one-way functions. The only thing that can be done when a user forgets a password which is stored as a hash is resetting the password. Note that storing the actual password is also a bit of a security risk. Nils Breunese.
I agree. You should use the password reset function and explain to end
users that you don't know their passwords. In the long run, they will
appreciate that. I don't know of a single support desk solution, nor any
networked application that allows 'admins' to display the users current
password.
HTH,
Andy
On 8/28/06 5:46 AM, "Nils Breunese (Lemonbit Internet)"
Arvind Kumar wrote:
Sir, I am agree with you, but sometime I need the password of customer to rectify their problem. And for that I need it in original form not in encryped form. please suggest me that how can i get the password in its original form.
You can't. Hashing functions are meant to be one-way functions. The only thing that can be done when a user forgets a password which is stored as a hash is resetting the password. Note that storing the actual password is also a bit of a security risk.
Nils Breunese. _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support orr consulting for your OTRS system? => http://www.otrs.com/
--
participants (3)
-
Andy Lubel -
Arvind Kumar -
Nils Breunese (Lemonbit Internet)