Last modified: 2007-03-13 18:13:09 UTC
AFAIK, Auth->allowPasswordChange is documented and coded to validate whether
users (via preferences) are allowed to modify their password in MW.
Examples such as AutoAuth use User::setPassword to force the MW password to an
invalid hash such as 'nologin'
Unfortunately, to do so right now requires that the Auth plugin enable user
password changes, because of this test in User::setPassword (line 1387).
It appears to be appropriate and safe to remove the test completely.
setPassword() accomplishes the correct test, and is already used.
See attached patch.
Created attachment 3347 [details]
Patch to remove bogus allowPasswordChange() test
*** This bug has been marked as a duplicate of 8815 ***