>> A more urgent need is to change the password feature in User Manager slightly. We want to convert all of our Internet email to Telefinder, but our director of Information Services has a problem with it because it is easy to view passwords in usermanager. Eventhough mailboxes would still be accessible via the harddrive, blocking out passwords from even the sysop would be helpful. <<
Many people believe there is no need for the system administrator to see user passwords, if they still retain the authority to (re)set them.
The only problem arises when a user known to the administrator asks the administrator to tell them what a lost/forgotten password is so they can continue using the system under their existing account. Under the proposed chang to UM, the administrator will not be able to give them any clues as to what the password is/was, but can reset it to some other value. What is lost is the ability of the admin to give the user that "subtle hint" that only they would know to determine forgotton password for themeselves. An admin who does not know his users probably cannot take good advantage of this.
The risk is that a person who is not the user, tricks the admin into changing the password, giving them access to the unsuspecting user's account and inturn denying them legitimate access to their account because they do not know about the password change. You should ensure that your director understands ana accepts this tradeoff. Before TF is changed to support this, I think all sysops should understand it also.
On a side note, Rusty has implemented a passwd change facility into a TF plug-in. I provide this capability on my site and am worried about it and in plain text logins in general. I really wish a method to prevent inadvertent disclosure of the login/password pair by packet sniffers was in place. The same protection should be in place for all TCP connection methods (Telnet, http, etc)
>> I do not want access to how my clients set up their passwords. Many people use the same password on multiple servers. I want to keep the ability to change the password though.
I'm pleased that our adminstration agrees it is worthwhile to upgrade Telefinder to an unlimited node license. We are also going to purchase the Mail Plugin for Highlander. <<
Good for you! I hope that FC got thrown out on their ears... --- Daniel O'Leary, Sysop KloneZone Mac - A TeleFinder 5.6 BBS * TFDEV Network Hub 532 Verna Trail North, Fort Forth TX USA 76108 Voice=> (817)367-2558 Dial-In=> (817)367-2712 Fido=> 1:130/1015 TFNet=> klonezone.tfnet.org Inet=> kz.eaze.net www=> http://kz.eaze.net
