- From: Greg Stein <gstein@lyra.org>
- Date: Thu, 25 May 2000 16:44:12 -0700 (PDT)
- To: Dan Burton <DPBURTON@novell.com>
- cc: "<" <w3c-dist-auth@w3.org>
IMO, changing passwords is out-of-scope of WebDAV. There are too many authentication systems and mechanisms out there, with too many variant requirements for changing passwords. While it would certainly be possible to create an HTTP-based protocol for changing passwords, that seems to be an issue between the client and the authentication system (which is probably separate from the web server). YMMV Cheers, -g On Thu, 25 May 2000, Dan Burton wrote: > This may be an issue that has scope beyond WebDAV, however the > problems we are having are WebDAV related. Also I believe this is an > issue that is more important to WebDAV then it is to the http protocol > in general. > > We need to have the ability to expire passwords to force users to > change passwords. When a users password is expired they are given a > number of grace logins. For normal http access, when a user on grace > logins the web server can redirect them to a page that allows them to > change their password. However, when using WebDAV clients (in > particular web folders, and Office 2000) the redirect to a page to > change passwords does not work. Given that a WebDAV client may not be > a browser and therefore may not know how to display html there needs > to be another solution for expired passwords. > > It seems to me that this could be something the WebDAV group could > address. Maybe an addition to WebDAV that allows for notification that > the users account needs to be updated (password changed) and a method > of changing updating user account information. > -- Greg Stein, http://www.lyra.org/
Received on Thursday, 25 May 2000 19:44:45 UTC