On Thu, 2009-04-23 at 16:46 +0200, Sumit Bose wrote: > > users coming via proxy backend (LEGACYLOCAL) can reset their passwords > without providing a valid old password. This patch should fix this. Ack! Simo.