Release of MMC-CORE 3.0.4 and MMC-CHECK-PASSWORD 3.0.4

This release feature a new "password reset" feature, many password policies improvements and other bugfixes.
Added by Jean-Philippe Braun almost 3 years ago

New enhancements for this release

  • Allow users to reset their password with a token based authentication (#1687)
  • Password complexity hints when users change their password
  • Show on the user edit page if the password if expired or if user is in grace login mode
  • New MMC contrib scripts mmc-check-expired-passwords and usertoken-example in /usr/share/doc/python-mmc-base/contrib/scripts
  • Audit logs can be sent to syslog servers

Password reset feature

If enabled a "Forgot your password" link is shown on the MMC login page. When the user ask to reset his password the MMC usertoken hook is run. The usertoken hook needs to send to the user a link in the form http://SERVER/mmc/token.php?token=<TOKEN>. With this link the user will be able to login in the MMC and access the "Password reset" page. The ACL for this page must be set on the user.

In the server configuration in /etc/mmc/mmc.ini you have to set the option forgotPassword to yes for the link to be displayed.
Then the usertoken hook must be setup in /etc/mmc/plugins/base.ini. Check the documentation on MMC hooks.
A example script for this hook is available in /usr/share/doc/python-mmc-base/contrib/scripts or directly in the repository

Password policy enhancements

With the new release of mmc-check-password, the password complexity checks can now be configured in /etc/mmc-password-helper.ini.

When a user fails to change his password in the MMC interface hints are displayed to tell the user what is wrong with the supplied password: the password doesn't contain a number, an upper case char etc...

The contrib cron script mmc-check-expired-passwords can be used to alert users if their password has expired. It can also reset the password if the it has expired and can't be changed by the user.

Other enhancements / bugfixes

  • Bug #1558: Broken user / group lists under IE7
  • Bug #1691: Bad mmc-agent PID file handling
  • Bug #1706: Previous - Next listing behavior
  • Feature #1594: Use localized languages labels on MMC login page
  • Feature #1671: Man pages for mmc-agent, mmc-helper and mmc-password-helper