When creating user accounts for non-LDAP authenticated users, an admin must set the users password and then relay this information to the user. Alternatively, they could create the user account with a generic password and then direct the user to visit the password reset page. These processes seem inelegant and potentially a breach of good security measures (aka - knowing an end users password). Would like the ability (via check-box or toggle option) on the Create User dialog to perform each of the following actions independently: - Automatically generate a password for the user that the admin is unaware of. - Automatically deliver a message to the users email address containing the account details. Ideally, this password would be a single-use password and the user would be forced to change to a password of their choosing upon first login. Once this force change feature is implemented, it would be nice to provide admin and sysadmin users the ability to trigger this from the user management console in the event the user forgets their password.
Comments Jack Ingram I agree with this completely. In fact I sort of expected the solution to have it since it seems like a no brainer and is an elegant way to handle this situation. We don't want to expose this system to LDAP and keep these things fully segregated since they sit out in a DMZ. February 23, 2013, 06:48 Michael Sotirake Agreed, this follows best security practices. April 11, 2013, 07:31 Johan Allard LiquidFiles This will be included in the next major release (v2.3) of LiquidFIles. April 12, 2013, 11:03 Johan Allard LiquidFiles This feature was added in version 2.3. May 15, 2013, 07:26
