We are using the new Internet password functionality on our R6 server for authorization. We are using ?ChangePassword to allow users to request to change their passwords. What we need now is to allow the Help Desk to reset/change a user’s password when they forget it without the Help Desk going directly into the address book. ?ChangePassword wants the “old” password, but that is not known. Is there a way to get around this, but still let R6 do the password validation? i.e. just change the password like one would if they were in a NAB (I assume changing the password in a NAB uses the password quality settings.
I don’t know exactly how the passwords get salted, but it’s certainly possible to set up an application that’ll update the relevant field in the Address Book, reprocess the document, and save it.
You’d need to build an agent that’ll run with enough privileges to do this, though. And once you build it, you’ll need to have it protect itself awfully heavily, so no one can drop into the agent and change the President’s password (or everybody else’s). But sure, it can be done.
Thanks for the response. So I would still have to do my own password checking (length etc. in the form and on save run an agent (I have one already) to do the update. There is no way I can directly integrate with the new stuff R6 gives us.?