
Feature Proposal: Support Disabled Users in Password Manager

Motivation

People leave an organization, sometimes temporarily. We need a feature where users can be disabled and re-enabled by an administrator.

This feature was already proposed and accepted at SetFlagtoChangePassword; it is externalized here as a separate proposal for documentation purposes and visibility.

Description and Documentation

This proposal adds a "disabled" flag to the users in the HtPasswdUser password manager. The flag can be managed using the UserDataManagementApiAndGUI.

Disabled users can no longer log in, nor change or reset their password.

Examples

See UserDataManagementApiAndGUI.

Impact

WhatDoesItAffect: Usability

Implementation

This feature needs to work for both template login and Apache login. Apache handles login outside of TWiki, so we can't add an additional field to a .htpasswd entry, as was done for the existing e-mail, must-change-password flag and timestamp of last password change. Apache ignores lines commented out with #, so we can use this to flag a user as disabled.

Example .htpasswd entries, one is disabled, the other not:

#DasyChang:stZiOem26ZhKM:dasy@texample.com:0:1285974739
PeterThoeny:Q5Dqv.BUGMghw:peter@example.com:0:1285750078

The HtPasswdUser user manager reads the file and creates an internal data structure. In that data structure, the user is stored without the leading # comment character, and a {disabled} = 1 hash entry indicates that the user is disabled.

Example data structure:

 $data = {
           'AlexisThoeny' => {
                               'pass' => 'jkpZ4LvkQ8mPY',
                               'disabled' => 1,
                               'pwdChgTime' => 0,
                               'emails' => 'alexis@example.com',
                               'mustChgPwd' => 0
                             },
           'PeterDisable' => {
                               'pass' => 'LjFxrXtRdhjow',
                               'disabled' => 1,
                               'pwdChgTime' => '1285800883',
                               'emails' => 'peter@example.com',
                               'mustChgPwd' => 0
                             },
           'PeterThoeny' => {
                              'pass' => 'Q5Dqv.BUGMghw',
                              'disabled' => 0,
                              'pwdChgTime' => '1285750078',
                              'emails' => 'peter@example.com',
                              'mustChgPwd' => 0
                            },
           'SopanShewale' => {
                               'pass' => '1czFZtdSFrjIo',
                               'disabled' => 0,
                               'pwdChgTime' => '1285753626',
                               'emails' => 'sopan@example.com',
                               'mustChgPwd' => '1'
                             }
         };
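
The parsing step described above, as an added example that is not HtPasswdUser's own code: `parse_htpasswd` and `is_active` are hypothetical helpers, and the sample lines are constructed from the entries shown earlier. It goes one step beyond the text by reporting a user who has both a commented and an uncommented line, since Apache would still accept the uncommented one.

```perl
use strict;
use warnings;
# Constructed sample; fields: name:pass:emails:mustChgPwd:pwdChgTime
my @sample = (
    '# ordinary comment, not a user entry',
    '#DasyChang:stZiOem26ZhKM:dasy@texample.com:0:1285974739',
    'PeterThoeny:Q5Dqv.BUGMghw:peter@example.com:0:1285750078',
    '#PeterThoeny:Q5Dqv.BUGMghw:peter@example.com:0:1285750078',
);

# Hypothetical helper: returns the per-user hash and a list of warnings.
sub parse_htpasswd {
    my @lines = @_;
    my ( %data, @warnings );
    for my $line (@lines) {
        chomp $line;
        # Assumption: '#' directly followed by "name:" marks a disabled user.
        my $disabled = ( $line =~ s/^#(?=\w+:)// ) ? 1 : 0;
        next if $line =~ /^\s*(?:#|$)/;    # other comments and blank lines
        my ( $user, $pass, $emails, $must, $time ) = split /:/, $line, 5;
        next unless defined $pass;
        if ( my $seen = $data{$user} ) {
            # Conflicting duplicate: warn and keep the user disabled (fail closed).
            push @warnings, "$user has both enabled and disabled entries"
              if $seen->{disabled} != $disabled;
            $seen->{disabled} ||= $disabled;
            next;
        }
        $data{$user} = {
            pass       => $pass,
            disabled   => $disabled,
            emails     => $emails // '',
            mustChgPwd => $must   // 0,
            pwdChgTime => $time   // 0,
        };
    }
    return ( \%data, \@warnings );
}

# Login, password change and password reset would all call this one check.
sub is_active {
    my ( $data, $user ) = @_;
    my $entry = $data->{$user} or return 0;
    return $entry->{disabled} ? 0 : 1;
}

my ( $data, $warnings ) = parse_htpasswd(@sample);
printf "%-12s active=%d\n", $_, is_active( $data, $_ ) for sort keys %$data;
print "WARNING: $_\n" for @$warnings;
```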

-- Contributors: PeterThoeny - 2010-10-02

Discussion

Topic revision: r2 - 2010-10-02 - PeterThoeny
 