Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Openfire does not honor option to stop password changes

Description

Disabling password changes on the console has no effect. One can still send the IQ packet manually to change their password.

Environment

None

Activity

Show:

Daryl Herzmann 
August 5, 2009 at 10:10 PM

Hehe, I doubt I can challenge your changes! Thanks for the fix.

Gaston Dombiak 
August 5, 2009 at 10:06 PM

I just checked in my version of the fix. Let me know if you are ok with it. Tks.

Daryl Herzmann 
August 5, 2009 at 10:00 PM

Hi Gato,

Thanks for the feedback. You wish for me to commit a patch correcting this or can you do it quick?

daryl

Gaston Dombiak 
August 5, 2009 at 9:56 PM

I think there is a misunderstanding here that lead to an incorrect fix. The system property "register.password" was being used to specify if users can change their password or not. The system property "xmpp.auth.iqauth" was being used to specify if the old IQ authentication method was available or if SASL should be used instead.

Having said that, the error was that the old IQ auth method also allowed to change password and not only authenticate people. AFAIK, the fix would be to modify IQAuthHandler#passwordReset so that it checks on the system property "register.password" to see if users can change their passwords.

Daryl Herzmann 
June 17, 2009 at 3:38 AM

r11076

Fixed

Details

Assignee

Reporter

Components

Fix versions

Affects versions

Priority

Created April 15, 2009 at 4:31 PM
Updated February 1, 2010 at 2:59 AM
Resolved February 1, 2010 at 2:59 AM