Last modified: 2014-09-02 10:25:34 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T32412, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 30412 - RT password reset function broken (sends mail w/ blank passwd)
Status: NEW
Product: Wikimedia
Classification: Unclassified
Component: General/Unknown
Version: unspecified
Hardware: All All
Importance: Low normal
Assigned To: Nobody - You can work on this!
URL: http://rt.wikimedia.org/

Reported: 2011-08-16 21:10 UTC by Brion Vibber
Modified: 2014-09-02 10:25 UTC (History)
Description Brion Vibber 2011-08-16 21:10:50 UTC
RT has no password recovery system, making it impossible to figure out if you have an account or what your password is if everybody thinks you have an account and says you should be able to look at something in there but it turns out you don't have an account.

This is a transparency problem in general, but it's pretty aggravating within the company as well -- had to ask around for a while before I found Ben, who thinks he can set me up an account.
Comment 1 Mark A. Hershberger 2011-08-17 01:56:22 UTC
I have a friend who just started working for Best Practical.  Maybe he can give us some help.
Comment 2 Jason May 2011-08-17 16:25:56 UTC
Hi Brion,

The RT extension RT::Extension::ResetPassword may suit your needs:
https://metacpan.org/release/RT-Extension-ResetPassword

Also, the bug tracker for RT can be found here:
http://www.bestpractical.com/rt/issues.html

Thanks,
Jason
Comment 3 Brion Vibber 2011-11-08 19:28:48 UTC
So..... I could use this feature again, it seems.
Comment 4 Brion Vibber 2011-11-08 19:58:03 UTC
Ryan suggests that RT should be hooked up to LDAP (cf bug 30414 -- but probably switch it over to the Labs LDAP?) which could obviate the need for a separate pass reset for RT specifically.
Comment 5 Brion Vibber 2011-12-05 19:33:09 UTC
Still waiting on this. Ryan Lane says he has no admin access on RT to do password resets manually; Mark referred me to CT.
Comment 6 Brion Vibber 2011-12-05 19:40:48 UTC
Adding CT, Ryan, and Mark as CCs.
Comment 7 Daniel Zahn 2011-12-06 13:35:49 UTC
Brion, I have reset your RT password manually and sent it to you via GPG-encrypted mail. Used one of your keys I found on a keyserver, tell me if that doesn't work.
Comment 8 Platonides 2013-03-06 14:19:16 UTC
You *can* reset your password:
https://rt.wikimedia.org/NoAuth/ResetPassword/Request.html

(perhaps it was added in an RT update)
Comment 9 Ariel T. Glenn 2014-02-13 09:04:33 UTC
The extension that provides that functionality is https://github.com/bestpractical/rt-extension-resetpassword and it needs to be packaged and installed (as well as tested with the new version of RT).

There's another approach to password resets here: http://requesttracker.wikia.com/wiki/PasswordReset
and implemented here: https://gerrit.wikimedia.org/r/#/c/71719/3
but this is not currently functional, since it's intended for 'external' (non-privileged) users only.  I could comment out the lines that make that check, but I'd prefer to go with the other extension because of how password resets are handled.

In the extension on GitHub, the user requests a password reset by providing their email address, is sent a URL with a token, and after following that URL, enters the new password which is then validated and saved.  This I believe is what was installed previously, at least it has the path referenced in comment 8.

In the wikia code, the user requests a password reset the same way but RT immediately sets the password to a random string and emails the user with that password.

I like the second approach less, since it permits someone other than the user to actually change the password (even though the user is notified of the change), and the password is sent via plaintext email.  Neither of those things excites me very much.
Comment 10 Ariel T. Glenn 2014-02-13 09:06:42 UTC
Err, the wikia extension is intended for internal (privileged) users only, I meant to say.
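
The token-based flow described in comment 9, as an added Python example that is not part of the original thread and is not code from RT or from either extension. It shows the property the comment cares about: requesting a reset leaves the existing password untouched, and only the holder of the mailed token can set a new one. `ResetStore`, `TOKEN_TTL`, the in-memory tables and the 10-character minimum are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 3600  # seconds a mailed reset link stays valid (assumed value)

class ResetStore:
    """In-memory stand-in for the user table and the pending-reset table."""

    def __init__(self):
        self.passwords = {}  # email -> (salt, PBKDF2 hash)
        self.pending = {}    # sha256(token) -> (email, expiry timestamp)

    def _hash_pw(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, email, password):
        salt = secrets.token_bytes(16)
        self.passwords[email] = (salt, self._hash_pw(password, salt))

    def check_password(self, email, password):
        salt, stored = self.passwords[email]
        return secrets.compare_digest(stored, self._hash_pw(password, salt))

    def request_reset(self, email, now=None):
        """Issue the token that goes into the mailed URL; the password is NOT changed."""
        if email not in self.passwords:
            return None  # the caller should render the same page either way
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[digest] = (email, now + TOKEN_TTL)  # store only the hash
        return token

    def complete_reset(self, token, new_password, now=None):
        """Redeem a token once, then validate and save the new password."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # pop makes the token single-use
        if entry is None or now > entry[1]:
            return False  # unknown, already used, or expired
        if len(new_password) < 10:  # placeholder password policy
            self.pending[digest] = entry  # let the user retry with the same link
            return False
        self.set_password(entry[0], new_password)
        return True
```
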
Comment 11 Niklas Laxström 2014-09-02 10:25:34 UTC
I'm also getting a blank password and hence I can't see the linked ticket ;)
