Password notification tickets are generated when the Domain administrator creates a new user account and checks the Email containing password ticket checkbox or when the user requests one by clicking on the New password button on the Login page. Password notification tickets remove the complexity of assigning passwords to each new user or to users who have forgotten their password from the Domain admin. They can also remove the security concerns of sending passwords through email in plain text
Once a password notification ticket is generated it remains valid until one of the following criteria has been met:
If there are any password notification tickets outstanding a Outstanding password tickets link will appear in the left navigation menu on the Administration tab. Clicking the link will take you to the Outstanding password tickets page where you can manage the currently active password notification tickets.
The Outstanding password tickets page provides a list of all user accounts with outstanding password notification tickets. Each user account is presented with the account creation date, date of last modification and a drop down list that allows you to take action on the notification ticket associated with that user.
When and how you choose to manage outstanding password tickets is at your discretion. You can use the Outstanding password tickets page to identify users who may be experiencing problems logging in or have bad email addresses as well as to monitor any possible dead accounts on your system. If you suspect that you have dead accounts with outstanding password tickets, you may consider deleting the accounts from your site. Keep in mind, until a password notification ticket is deleted, it can be used at any time to access your site.
An Outstanding password ticket hyperlink is displayed in a Administration menu when no password has been set for the user. When you click the link it takes you to the Outstanding Password Tickets page which lists all the tickets that are open. In typically general circumstances, each open ticket entry is removed when the user sets a password. However, in certain cases, when a user does not set a password at all, the link is removed automatically after the lapse of a specified period of time. The expiration period applies to all outstanding tickets. This avoids unnecessary clutter in the Outstanding Passwords Tickets Page when outstanding password tickets don't get validated.
Initially all sites will have the password tickets expiration period disabled. Once you establish this policy of setting the time period for your site, then the password tickets will expire after the specified time period.
Note: Once you implement this policy in your domain, the configuration change will expire all the outstanding password tickets. You may wish to reissue all the outstanding password tickets prior to changing the policy, or they may wish to have users re-apply for accounts.
To set the time period for the expiration of the ticket:
An email is sent to the user asking the user to set a password at the time when the user account is created if no password is set at the time of the user account creation. An email is also sent if the user requests a new password. This email carries the URL the user needs to click to set the password. Once the expiry time period has been determined, this email will carry the date until which the URL is valid. This depends on the expiry time period set. For example, if you have set the expiry time period to 10 days and you open a user account on January 1st 2005 at 10. a.m., the email sent to the user requesting a password be set for the account will read "The above URL is valid only until January 10, 2005 10:00:00 AM GMT" in the time format that has been set by the host administrator.
Note: -The email will not have the validity date if the expiry option is disabled (set to 0).