What about this... I can set up a separate system to handle account and password management and then have that separate server app do that necessary work on the command line when talking to WebWork?
Maybe this is a basic thing that automatic account generation techniques deal with, but I worry about a malicious user creating thousands of accounts to execute a DoS attack. This is what stopped me from pursuing this kind of idea earlier this year. I didn't want to get into how I would prevent that kind of thing and how I would do testing to confirm that it worked.
For password resetting, I just have a tangential comment/observation to share. These days, when a student tells me that their password isn't working, 9 times out of 10 it is actually their user_id that is incorrect, because they are using a smartphone or tablet or something that wants to autocapitalize their login name. For some, even manually correcting this autocapitalization can leave a space character at the end of the user name, which will also be rejected. I wonder if there is a way to tag the login field in a way that will prevent the phone browsers from autocapitalizing.
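One way to address the autocapitalization and trailing-space problem described above, as an added example that is not part of the original posts or of WeBWorK's own code. The HTML attributes are standard; the field name `user` and the helper names are assumptions.

```javascript
// Attributes that ask mobile browsers not to rewrite what the user types.
const LOGIN_FIELD_ATTRS = {
  type: "text",
  name: "user",             // assumed field name, not taken from WeBWorK
  autocapitalize: "none",   // no automatic first-letter capitalization
  autocorrect: "off",       // honoured by Safari; ignored where unsupported
  spellcheck: "false",
  autocomplete: "username", // lets password managers fill the exact ID
};

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Render the <input> tag as a string so it can be dropped into a template.
function renderLoginField(attrs = LOGIN_FIELD_ATTRS) {
  const parts = Object.entries(attrs).map(([k, v]) => `${k}="${escapeAttr(v)}"`);
  return `<input ${parts.join(" ")}>`;
}

// Clean up a submitted login name without changing its case: whether IDs are
// case-sensitive stays the server's decision. The hints are derived from the
// typed text alone, so showing them reveals nothing about which accounts exist.
function normalizeLoginName(raw) {
  const typed = String(raw);
  const value = typed.trim(); // also strips non-breaking and other Unicode spaces
  const hints = [];
  if (value !== typed) hints.push("whitespace-removed");
  // One leading capital and no other capitals: the usual autocapitalize pattern.
  if (/^\p{Lu}[^\p{Lu}]*$/u.test(value)) hints.push("leading-capital");
  return { value, hints };
}

// Constructed sample input: what a phone keyboard might submit for "jsmith".
console.log(renderLoginField());
console.log(normalizeLoginName("Jsmith "));
```

The trimming should also be applied on the server, since older browsers ignore the attributes and a client-side check can be bypassed.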