user with no password can make themself a password

[Alex-Jordan]

Maybe this is expected behavior, not an issue...

We have the permission to change password set to "student" so they can change their own passwords. There was a student who should be entering their course via LTI. Initially they had no password. They went to Account Settings and accidentally saved a password for themselves.

I'm just wondering if that should not have been permitted. Changing a password is one thing, but creating one is different. The instructor has not set the LTI option to require users to enter from the LMS (for convenience, so the instructor herself can enter with a password). So now this student can also enter using the password they made up. Maybe that is a good thing? My first reaction is that it causes confusion. I would find it simpler to just know with certainty that none of the students have a password.

What do others think?

[somiaj]

My use case I set the $permissionLevels{change_password} to professor to not allow students to change their password. I don't know if treating blank passwords different is needed, because it could be some other setup wants what you describe to allow users access after setting their own password, even if it starts out blank by accessing though LTI. Note I also use LDAP, so my students can access directly using their university password vs having to create their own.

[somiaj]

In this particular use case you describe where students can change their password, are there some students who should be able to change their password and others that cannot. Or is this just a system setting, and some courses should update their configuration to not allow students in that course to change their password forcing them to enter via LTI?

[drgrice1]

I see no reason that no password should be treated any different than having a password. If you don't want students to change their password, regardless of if they have one or not, then set the $permissionLevels{change_password} to a higher permission level than student.

[dlglin]

I see valid use cases for both allowing or not allowing password changes in this scenario.
If an instructor wants to force students to access WW only via LTI, then they should set a higher permission level for $permissionLevels{change_password}.
If an instructor wants to create student accounts via LTI, but then let students log in with a password, they can leave the default.
There is already a comment in authen_LTI.conf.dist about changing this setting if external authentication is disabled.