Set a password policy
You can only set a password policy if your site is using Phocas authentication.
Configure forgotten password link
The Forgotten password? link on the sign in screen allows a user to either reset their own password or ask the Phocas administrator to do it for them.
If you have configured Phocas to send emails, the Forgotten password? link takes the user to a prompt for their user name. Provided the entered username is valid and has an email address (see Manage users) then the user will be sent an email to a reset password page. For security reasons, if the user name is invalid or there is no email address, a 'fail' message will not appear.
For systems using LDAP/Active Directory authentication, this link will be as specified in the system setting 'LDAPResetPasswordURL'. If nothing is entered in the 'value' field in the system setting, the link will not be displayed.
- The email sent to the user has a link to a password reset page.
- Following the link takes the user to a screen where they can enter and confirm their new password.
If the SMTP settings have not been completed, but there is an entry for the Administrator Email Address under General settings in the configuration screen, the user will be provided with a link to this email address. Clicking this link will open a 'Compose email' window in their default email program. If the SMTP settings have not been completed and there is no entry in the 'Administrator Email Address', then the link will not be shown.
Disable Remember Me? checkbox
It is also possible to use a system setting to remove the Remember Me? checkbox from the login screen.
Force password change
The user maintenance form contains an option to force a user to change their password. When you first create a user, you can set the user up with a simple password (such as a repetition of the username) and then forcing them to enter a new password that conforms to the site Set your Phocas site's password policy. This is only available on non-LDAP sites.
When adding a user
Request auto-generated passwords
When creating new users, there is an option to get the system to generate a random password that complies with the site Set your Phocas site's password policy.This is only available when the site is configured to send emails, when the user has an email address and when the site is non-LDAP. When using this option (see User maintenance form for details) the confirmation email sent to the user will include the connection details including the randomly generated password.
Reset or expire passwords
Prevent non-administrators from changing password
A boolean user setting titled 'PreventUsersFromChangingPassword' will prevent non-administrators from changing their passwords.