[Freeipa-devel] [PATCH] 274 Password change capability for form-based auth
Martin Kosek
mkosek at redhat.com
Wed Jun 6 13:05:54 UTC 2012
You can use the attached script (changepw.py) to test the PW change
interface from command line (on IPA server).
---
IPA server web form-based authentication allows logins for users
which for some reason cannot use Kerberos authentication. However,
when a password for such users expires, they are unable change the
password via web interface.
This patch adds a new WSGI script attached to URL
/ipa/session/change_password which can be accessed without
authentication and which provides password change capability
for web services.
The actual password change in the script is processed with kpasswd
to be consistent with /ipa/session/login_password.
Password result is passed both in the resulting HTML page, but
also in HTTP headers for easier parsing in web services:
X-IPA-Pwchange-Result: {ok, invalid-password, policy-error}
(optional) X-IPA-Pwchange-Policy-Error: $policy_error_text
https://fedorahosted.org/freeipa/ticket/2276
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-274-password-change-capability-for-form-based-auth.patch
Type: text/x-patch
Size: 10223 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120606/1abd3a85/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: changepw.py
Type: text/x-python
Size: 1271 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120606/1abd3a85/attachment.py>
More information about the Freeipa-devel
mailing list