Password Reset
Odeion does not send email. Password resets work through one-time reset links that an admin (or the server operator) generates and hands to the user out of band.
Admin-Generated Reset Links
Section titled “Admin-Generated Reset Links”An admin generates a reset link for any user from Admin > Users. The token is valid for 24 hours by default, can be redeemed once, and stops working the moment it is used.
Give the link to the user through whatever channel you trust. Anyone holding the link can set the account’s password, so treat it like a temporary credential.
Redeeming a Reset
Section titled “Redeeming a Reset”Opening the link presents a form to set a new password (minimum 8 characters). Redeeming a reset does not sign the user in and does not revoke their existing sessions.
CLI Reset
Section titled “CLI Reset”When the only admin is locked out and nobody can issue a link through the UI, use the CLI on the server host:
odeion reset-password <username>odeion reset-password alice --expires-in=1hThe command prints the reset token, its expiry, and (when the base URL is configured) a complete URL to open in a browser. Two things make the CLI different from the admin UI flow:
- It needs no authentication beyond shell access to the server.
- If the account is locked, the lock is cleared at the same time.
See the CLI Reference for flags.
Resets and Locked Accounts
Section titled “Resets and Locked Accounts”A reset link issued from the admin UI does not unlock a locked account; the user could set a new password and still be unable to sign in. Unlock the account in Admin > Users first, or use the CLI command, which does both. See Rate Limiting and Account Locking.