> Include the links to user/password link (Request new password) in the mail.
> Create a user/remind_password link to have that in the mail instead.
> Just send the unencrypted password to the use.
>
Actually I have a client who knows his users so well, that he asked me
to clear-text all the passwords...
Ouch. Let's not go there. That opens up too many very signficant security holes. I hope for your clients' sake that the passwords used are auto-generated and unique to that system.
But if someone has done something similar, =with= encryption/decryption and auto-expiry, I'd love to talk with you.
ari