-
Leigh B Stoller authored
set the password on their ssl key to something they know, so if they download it, they can use it. But we do not want Geni User to login directly (cause now they know their password), so watch for that on the regular login path and deny it. Also, since the Geni user will not know their password initially, do not require the current password for the first password change, but it is required after that.
7c7d85b3