In preparation for the OTRS downtime scheduled for 48 hours starting 14 Sep 2020, English Wikipedia oversighters were preparing to make modifications to the "send to" email. A primary source of OTRS oversight requests on English Wikipedia is via the User:Oversight "Email this user" function, which has been in place for many years. The password for this account has previously been held by the Arbitration Committee, but could not be located today. It was decided to attempt a password reset.
*Password reset was attempted. (verified in log)
*Emailed temporary password was received in the OTRS queue (Ticket#2020091210000913 in the restricted oversight-en-wp queue)
*Went to log in using the temporary password, which was accepted.
*On next screen, where one would enter a new password, the new password was rejected, and a message saying "The supplied credentials cannot be changed, as nothing would use them."
*Several attempts were made, using different browsers, and double-checking the temporary password, with the same results.
With assistance from bawolff and AntiComposite on IRC, it was determined that:
*User:Oversight is not a global account. There are four non-attached accounts with this username, on ENWP, NLWP, DEWP and Simple WIkipedia. From that, it was deduced that the Enwp "User:Oversight" is an unattached local account.
*AntiComposite identifed the applicable code as: https://gerrit.wikimedia.org/g/mediawiki/core/+/d07cccadb45a3c2a4e9fb3fa1c37846c095a7044/includes/auth/AuthManager.php#867
*It was determined that only someone with shell access can assist in this situation.
From the IRC chat:
<bawolff> and we have: $wgAuthManagerAutoConfig['primaryauth'][\MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class]['args']['loginOnly'] = true; <bawolff> in CommonSettings.php, which means that LocalPasswordPrimaryAuthenticationProvider will ignore password change requests <bawolff> and if the account isn't global, central auth won't do anything