[Freeipa-devel] Feature request: Web UI for IPA users to reset their own expired passwords
Martin Kosek
mkosek at redhat.com
Mon May 21 07:33:49 UTC 2012
On Sun, 2012-05-20 at 02:22 -0700, Gelen James wrote:
> The current assumption is that all IPA users can log in to
> Unix/Linux machines to change their IPA password, or reset their
> expired password.
>
>
> But this is not available all the time, so a more general alternative
> -- web UI -- will be more appreciated. The basic requirements are:
>
>
> 1, The web UI accepts users' passwords; expired ones are also accepted.

Hello Gelen,

The current Web UI allows only users with a valid and non-expired password to
log in. There is a ticket logged to improve this:

https://fedorahosted.org/freeipa/ticket/2276

With this change in, users with expired passwords will be able to log in
and change the expired password right after successful authentication.
This feature is planned to be released as a part of FreeIPA 3.0.

>
> 2, the authentication is based on IPA Kerberos.
>
>
> 3, an authenticated regular IPA user can reset his/her password
> only.
>
>
> 4, (bonus) authenticated admin users can alter other users' passwords
> as well.

All these features are already available in the current upstream version of
FreeIPA. For 4), this can also be done by a non-admin user who has an
appropriate privilege granted.

Martin