Password Managment Enhancements

1. An End User can (and should!) change their given password.
2. Passwords should be hidden
3. Privileged users should also have the option of using a password - this way they can access the PTS even if they are not on their 'home' machine i.e. at any time they can log in EITHER with a password OR their certificate
4. PMs and CMs should be able to change (but not see) user passwords.

-- TobyRodwell - 10 Jun 2005

Developer comments

The current version of PTS allows the CM to change a password for the end-customer, but I assume that is not the point. There should be added an action „Change Password” in the end-customer's menu after the end-customer logs into the system. After clicking this action the page containing an input lines „current password”, „new password” and „retype new password” should appear. When the end-customer forgots to lock his computer and he is logged to the PTS system anyone can change his password. That is why a system should ask a user for his current password.

To add „login-password” feature for other PTS users there is a need to:

• Change database schema – add login and password fields to users table
• Migrate existing users to new schema – add login and password for these users
• Change User class and LoginAction^? class – add login password authorization.
• Add functionality to change user passwords by PMs, CMs, and users themselves.

Effort: 3 man/days

-- BartoszBelter - 13 Dec 2005

-- BlazejPietrzak - 13 Dec 2005