2 Replies Latest reply on May 29, 2008 11:52 AM by herqpapa

    New user forced to change password

    herqpapa

      Hi,

      I am using portal 2.6.2 on a Sun box with MySQL backend.

      I have to implement a feature which is required by ISO 9001 Security Cert. New users must be forced to change their password on first login.
      I've been reading through the portal docs and the jboss wiki but it seems it is not a default feature provided by the Portal.
      My question: could anybody suggest a quick resolution for my problem? I mean any reliable third party portlet or framework or any examples?

      Thanks in advance!

      H.

        • 1. Re: New user forced to change password
          peterj

          Are you using the database-based security mechanism built into Portal? If so, then before the user can login, the user must register and provide a password as part of that registration. Would that not qualify as "changing the password on first login" as required by ISO 9001?

          I know that the inspectors can be a little anal, but it is worth asking. Usually the "change password" requirement assumes that someone else, such as the Portal or a Portal admin, created the login id along with a temporary password.

          • 2. Re: New user forced to change password
            herqpapa

            Users cannot register but their account is created through the default admin module. Therefore the password is a password created by the admin. Unfortunately the provided email validation does not qualify. I have to implement a forced password change on first login. It was silly that I did not mention it in my previous post.
            I was hoping to save development time with an off the shelf solution but it seems I will have to develop it.