For user accounts in LON-CAPA for which the authentication type is set to internal, domain settings are available for: (a) User reset of a forgotten password; (b) Encryption used to store passwords; (c) Rules for password length, complexity and reuse; (d) Course Owner changes to passwords of enrolled students.

Resetting Forgotten Password

Users have been able to reset a forgotten password since LON-CAPA 2.3 by entering username, domain and e-mail address in a web form reached via the "Forgot Password?" link on the log-in page. If the information submitted via the web form matches that stored in LON-CAPA for that user (and the user's authentication type is "internal"), an e-mail containing a time-limited link is sent to the user's e-mail address. Following the link displays a second web form, in which the user enters e-mail address, username, and a new password.

Starting with LON-CAPA 2.11.3, this procedure can be customized in the following ways:

If "Institutional Types" (e.g., faculty, student, etc.) have been defined for a domain, then some of the customizations can be made dependent on a user's institutional type.

Encryption of Stored Passwords

Rules for LON-CAPA Passwords

Starting with LON-CAPA 2.11.3, requirements can be set for password length, whether special characters or mixed case are required, and how many (if any) previous passwords to save for a user (to disallow reuse).
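
The following is an added example, not LON-CAPA code, showing how rules of this kind fit together: length, mixed-case and special-character checks, plus a reuse check against saved previous passwords. The setting names, the policy values and the use of salted PBKDF2 for the saved entries are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

# Hypothetical policy; key names and values are assumptions, not LON-CAPA settings.
POLICY = {"min_len": 8, "need_mixed_case": True, "need_special": True, "history": 3}

def _hash(password, salt):
    # PBKDF2 is an assumed stand-in for the domain's actual storage scheme.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_rules(password, policy=POLICY):
    """Return a list of rule violations; an empty list means acceptable."""
    problems = []
    if len(password) < policy["min_len"]:
        problems.append("too short")
    if policy["need_mixed_case"] and not (
            re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs upper and lower case")
    if policy["need_special"] and not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs a special character")
    return problems

def is_reused(password, history):
    """history holds (salt, digest) pairs, so the candidate must be
    re-hashed with each entry's own salt before comparing."""
    return any(hmac.compare_digest(_hash(password, salt), digest)
               for salt, digest in history)

def change_password(password, history, policy=POLICY):
    """Validate, then return the updated history, newest first.
    Entry 0 is the current password; up to policy['history'] older ones follow."""
    problems = check_rules(password, policy)
    if policy["history"] and is_reused(password, history):
        problems.append("matches a saved previous password")
    if problems:
        raise ValueError("; ".join(problems))
    salt = os.urandom(16)
    return ([(salt, _hash(password, salt))] + history)[: policy["history"] + 1]
```

Because only salted digests are saved, the reuse check costs one hash computation per saved entry, so a larger history setting makes each password change proportionally slower.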

Course Owner Changing Student Passwords

Starting with LON-CAPA 2.11.3, a domain can be configured to allow a course owner to change a student's password, if the following conditions are met:

If "Institutional Types" (e.g., faculty, staff, student, etc.) have been defined for a domain, then which course owners may change student passwords can be restricted to specific types. In addition, which students may have their passwords changed can also be restricted to specific types.

The default is to not allow course owners to change a student's password.