[Zope-PTK] Re: Proposal: password policy change

Steve Alexander steve@cat-box.net
Thu, 24 Aug 2000 08:48:51 +0100


Bill wrote:
>
> Shane wrote:
> > In order for your plan to work, therefore, we need to
> > provide the option to set a temporary password.  This
> > temporary password would be in addition to the user's
> > normal password.
>
> I have considered that, and doing something like a temporary password
> would require the use of a scheduler, such as Xron. Though a fine
> product, I want to keep dependencies down. It already needs ZPatterns
> and LoginManager.

You would not need to use a scheduler such as Xron in order to implement
temporary passwords.

Let's imagine a minimal user record that implements passwords and
temporary passwords:

User:

  id
  password
  t_password
  t_password_valid_until

Scenario:

User "fred" joins, and sets his password to "h1dd3n".

His record now looks like this:

  id: fred
  password: crypt(h1dd3n)
  t_password: none
  t_password_valid_until: 1970-01-01

Later, on 24 August, fred forgets his password, and chooses to go for a
new temporary password, to be sent to him by email in cleartext.

  id: fred
  password: crypt(h1dd3n)
  t_password: crypt(random_string_of_characters)
  t_password_valid_until: 2000-08-25

If a bad guy has pressed the "I've forgotten my password, mail me a
temporary one", it doesn't matter, as fred can still get in using his
original password "h1dd3n".

After the time is up for the temporary password, it just sits around in
the user record. It will not work, as the login machinery only checks
against t_password if t_password_valid_until is in the future.

If you want to be extra safe, on each login by a user, check if
t_password_valid_until is in the past, and if so, set t_password to none
and t_password_valid_until to 1970-01-01.

For the purposes of this example, I'm assuming that a password of "none"
effectively means "cannot log in using this password".

--
Steve Alexander
Software Engineer
Cat-Box limited
http://www.cat-box.net
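The scheme described in the message above, worked through as an added Python example (not code from the original thread, nor from ZPatterns or LoginManager): a user record with `password`, `t_password` and `t_password_valid_until`, a function that issues a one-day temporary password, and a login check that only consults the temporary password while its expiry date is still in the future and clears it on the first login after it has lapsed, so no scheduler is needed. The `crypt()` of the mail is stood in for by a salted PBKDF2 hash, and `none` is represented by Python's `None`; both are assumptions of this example. The example also treats the expiry date itself as already expired (valid means strictly "in the future"), which the mail leaves unspecified.

```python
import hashlib
import os
import secrets
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# The mail's "1970-01-01" sentinel for "no temporary password set".
EPOCH = date(1970, 1, 1)


@dataclass
class User:
    id: str
    password: str                       # hash of the permanent password
    t_password: Optional[str] = None    # hash of the temporary password, or None ("none" in the mail)
    t_password_valid_until: date = EPOCH


def hash_password(plain: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2 hash standing in for the mail's crypt(). Assumption of this example."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", plain.encode("utf-8"), salt, 100_000)
    return salt.hex() + "$" + digest.hex()


def check_password(plain: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split("$", 1)
    candidate = hash_password(plain, bytes.fromhex(salt_hex))
    return secrets.compare_digest(candidate, stored)


def temporary_password_is_valid(user: User, today: date) -> bool:
    """The login machinery only consults t_password while the expiry is in the future."""
    return user.t_password is not None and user.t_password_valid_until > today


def issue_temporary_password(user: User, today: date, lifetime_days: int = 1) -> str:
    """Set a fresh random temporary password and return the cleartext once, for mailing.

    The permanent password is untouched, so a stranger requesting a reset for
    "fred" does not lock fred out.
    """
    cleartext = secrets.token_urlsafe(12)
    user.t_password = hash_password(cleartext)
    user.t_password_valid_until = today + timedelta(days=lifetime_days)
    return cleartext


def login(user: User, plain: str, today: date) -> bool:
    """Accept the permanent password always, the temporary one only while valid."""
    # "Extra safe" step from the mail: on each login attempt, an expired
    # temporary password is cleared back to none / 1970-01-01.
    if user.t_password is not None and not temporary_password_is_valid(user, today):
        user.t_password = None
        user.t_password_valid_until = EPOCH

    if check_password(plain, user.password):
        return True
    if temporary_password_is_valid(user, today) and check_password(plain, user.t_password):
        return True
    return False


def run_scenario() -> dict:
    """Replay the fred scenario from the mail and return the observed outcomes."""
    fred = User(id="fred", password=hash_password("h1dd3n"))
    aug24, aug26 = date(2000, 8, 24), date(2000, 8, 26)
    temp = issue_temporary_password(fred, aug24)          # mailed to fred in cleartext
    results = {
        "valid_until": fred.t_password_valid_until,
        "temp_works_on_24th": login(fred, temp, aug24),
        "original_still_works": login(fred, "h1dd3n", aug24),
        "wrong_password_rejected": login(fred, "guess", aug24),
        "temp_rejected_on_26th": login(fred, temp, aug26),
        "record_cleared_after_expiry": fred.t_password is None
        and fred.t_password_valid_until == EPOCH,
    }
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The expiry check and the cleanup use the same `temporary_password_is_valid` predicate, so the "only valid in the future" rule cannot drift between the two code paths; any date comparison convention (inclusive or exclusive of the expiry day) only has to be decided once.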