Can't get force user to change password setting to work

[chewynet]

Hi all

Is there some prerequisite for having this setting work in the local users realm. I added in many accounts, gave them all a password of changeme and batch updated their settings from a template user including checking the "User Must Change Password at Next Login". However whenever I log in a user it just accepts the password and shows the default view. I never get redirected to an update password screen.

Am I doing something wrong?

Logs show only

06/19/2009 11:41:06 AM - AUTH LOGIN: User 'allfiz' Authenticated

Thanks
Patrick

[gandalf]

Which version of cacti is used?
What did you perform the "batch update" exactly?
Reinhard

[chewynet]

Hi

Cacti Version 0.8.7d.

I ran the Batch Update to limit the Views the newly created users can have amongst other things, and to apply the check box for "User Must Change Password at Next Login"

It's just that even with this setting checked, the accounts never get asked to change their passwords. There is nothing indicated in Cacti logs or Apache access or error logs that there is a problem. Log verbosity for cacti seems only to be for the pollers.

Cheers
Patrick

[chewynet]

Ok

Figured this out. The relevent script is in auth_login.php:

Code: Select all

if (($user["must_change_password"] == "on") && (read_config_option("auth_method") == 1)) {

However there is only one global setting for auth_method in the Settings Table, currently assigned 3 for LDAP. But we only use LDAP for Internal Admin users. All other view only logins are Local and those are the ones that I want to Force the Pasword Change on first Login.

Easiest solution is to rewrite it such that the Realm is checked whether it is Local or LDAP/Web Auth, as the $realm variable is previously assigned at the /* Process Login */ section on auth_login.php

So

Code: Select all

if (($user["must_change_password"] == "on") && ($realm == 0))

It works for me, but can anyone see any problem with this?

Cheers
Patrick