[Freeipa-devel] [PATCH] Initial password setting support

Simo Sorce ssorce at redhat.com
Tue Sep 11 20:20:41 UTC 2007


On Tue, 2007-09-11 at 15:07 -0400, Rob Crittenden wrote:
> Apparently the old password is NOT checked when setting a new one. I'm
> not sure if the plugin should do this or we should, or whether we just
> let it be as-is.

The old password is not checked in LDAP because, in order to change the
password, you have to connect to the LDAP server, and that means you
must have already authenticated yourself to the LDAP server and you have
to know your password to do that.

The other reason is that the same interface can be used by privileged
users to change other users' passwords; in that case they can't know the
other user's existing password.

I can change the code of the plugin to test (or even require) for the
old password for self-changes. Is this necessary?

Simo.




