[Freeipa-devel] Expired passwords cannot be changed via LDAP
Dmitri Pal
dpal at redhat.com
Mon Jun 9 13:08:50 UTC 2014
On 06/09/2014 09:01 AM, Simo Sorce wrote:
>>>>> From: "Martin Kosek" <mkosek at redhat.com>
>>>>> Given all sort of issues we get, I am thinking we should just revert it
>>>>> unless
>>>>> there is a quick fix available.
> Instead of reverting I am thinking we may want to make this optional by adding a configuration parameter that defaults to False for now. Once we can manage better the password change we can turn it on by deault, in the meanwhile admins can choose by themselves the lesser evil.
>
> Thoughts?
>
> Simo.
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
I am also concerned about the OTP flows with this change.
IMO we might not be ready for this change one way or another.
Backing out or adding a default switch turning the feature off works for me.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
More information about the Freeipa-devel
mailing list