We're updating the issue view to help you get more done. 

Openfire does not honor option to stop password changes

Description

Disabling password changes on the console has no effect. One can still send the IQ packet manually to change their password.

Environment

None

Acceptance Test - Entry

None

Activity

Show:
Daryl Herzmann
June 17, 2009, 3:38 AM

r11076

Gaston Dombiak
August 5, 2009, 9:56 PM

I think there is a misunderstanding here that lead to an incorrect fix. The system property "register.password" was being used to specify if users can change their password or not. The system property "xmpp.auth.iqauth" was being used to specify if the old IQ authentication method was available or if SASL should be used instead.

Having said that, the error was that the old IQ auth method also allowed to change password and not only authenticate people. AFAIK, the fix would be to modify IQAuthHandler#passwordReset so that it checks on the system property "register.password" to see if users can change their passwords.

Daryl Herzmann
August 5, 2009, 10:00 PM

Hi Gato,

Thanks for the feedback. You wish for me to commit a patch correcting this or can you do it quick?

daryl

Gaston Dombiak
August 5, 2009, 10:06 PM

I just checked in my version of the fix. Let me know if you are ok with it. Tks.

Daryl Herzmann
August 5, 2009, 10:10 PM

Hehe, I doubt I can challenge your changes! Thanks for the fix.

Assignee

Gaston Dombiak

Reporter

Daryl Herzmann

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Affects versions

Priority

Blocker
Configure