Q1 . This in my opinion is a bug / security issue.
Anyone can reset any users password just by entering in there username since a new password is auto-generated and sent to the account email. This can cause problems for billing systems like whmcs which connect to an account to create new sub-accounts and will stop it working. Ideally the password should not be reset but a link sent to the account email to then go and reset the password so only the account email owner can reset the password.
Q2. SRV records do not seem to be being created in bind? Are they not supported?
Q1. From what i know A password reset url is possible if the Cloud Storage portal is setup however when a password request is sent the account is automatically locked out untill the password is reset as a security measure.
Please note this will still get WHMCS Out of sync, as to my knowledge the password does never update there.
Q2. I have not tested with bind only with MS DNS, however they are supposed to work. Do you have any dns logs / event viewer logs / audit logs that can help give any clues as to why it’s not working for you?
- Views1121 times
- Answers5 answers