I forgot my password
iTop provides a mean for the end-users to regain access to iTop… without bothering an administrator.
Workflow
A new link, at the bottom of the login form, allows the end-user to regain access to iTop.
The end-user gives his/her login identifier.
iTop searches for the corresponding account, and sends an email.
The user gets the email
The user clicks on the given link, and get a form to change the password (the old password is -for sure!- not requested, as opposed to the standard form to change a password).
Security concerns
The link given to the user is a single usage link.
If the user attempts several times to reset his password, then only the latest link will be valid.
Configuration
As the features relies on sending emails, you must first ensure
that iTop has the capability to send emails. To check if it
currently working, use the page /setup/email.test.php
.
To configure emailing, see Email configuration. Please note
that such emails are sent synchronously even if the emails are
configured to be sent asynchronously.
Moreover, the feature relies on the accounting data:
-
The user must be of type iTop user (it will not work for LDAP users)
-
A contact must be associated to the user
-
The contact must have a valid email configured
If none of your users will benefit from the feature, then you
can disable it by setting the forgot_password
parameter to false in the iTop configuration file. In such a case,
the hyperlink will disappear from the login page.
forgot_password_from
in the Configuration
file, the sender of the “forgotten password” email, will be the
recipient's email address, which can be filtered as spam by some
email servers.