Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By yavan on
Hi , we have just installed drupal 4.7 , and so far it looks good and meets our needs.
but as this drupal system will serve as a school portal i need to give teachers access as writers so they will have a free method to add and edit content to the portal with the correct group perrmissoins in mind.
the problem is that teachers sometimes let students know their password so they can help them with writting content to the porrtal. those students later on let other students know the teachers password and so on untill students just login to the portal with the teaches user/password and earising or editting content.
in order to reduce this damedge risk to the portal i need to be able to have "password expires" and "grace logins" i looked in the moudule section but couldent find anything to match my needs.
also the default drupal cms system does not seem to support this need.
i will be happy to adopt any idear & solution to this need.
all guidelines are welcome
Ami.A
school Admin.
Comments
great suggestion!
coming from a world of VMS I found even Linux pretty insecure when it comes to password management... and Drupal is still much more inmature when it comes to those requirements.
so IMHO Drupal 4.7 doesn't have such features out-of-the-box, but I would be very interested to hear about your solution or the patches/modules for this.
Looking forward to more replies...
christoph
--- http://www.cemper.com
--- http://weblog.cemper.com
--- http://www.marketingfan.com
Hmmm...
Thinking out loud...
From what I know of Dupal the addition of a password expiry time for each user would involve a fair amount of work. Unless another developer has a specific need for the feature I think you are unlikely to see anything along these lines developed or added for some time. Especially as, in your case and being frank, I would describe the problem as 'user error'.
If I might make some suggestions...
Tell your teachers that they are NOT to give their passwords to students.
If students help with creating content, then fair enough, give them their own accounts and passwords.
These two suggestions will immediately place some accountability on your users, and allow you to track and control specific user's actions, be they staff or students.
If you become aware that a password has been given out, go to administer > users, edit the user concerned and change their password. The real user will be able to request a new password by email when they find they cannot login.
If you get complaints then send them packing with a reminder about not giving out passwords ringing in their ears!
Hope this helps.
First of all: Sharing
First of all: Sharing accounts is evil and your user policy should specifically disallow that. Rather create accounts for the students who want to help. Account and accountability have a lot in common.
Second, it would be rather easy to write a custom module that resets passwords once in a while.
--
Drupal services
My Drupal services
--
Drupal services
My Drupal services
thanks for all replayers
thanks for all replayers also there is no technical solution yet only human interact.
there is somthing that has cross my mind.
in the module section there is one (i dont remember the name) to work with LDAP
since i have openldap on my openSuSe repository is it possiable to inst this module on drupal then
to open all users on "openladp" insted "passwd" so the drupal cms will auto sync with openldap user database.
and on the openldap to enable the wanted "password expire" and "grace login"
will it work ?
Ami.A