[Freeipa-devel] [PATCH] #1814 Enforce old password requirement in ldappasswd operations
Rob Crittenden
rcritten at redhat.com
Thu Sep 22 15:19:50 UTC 2011
Simo Sorce wrote:
> Although we were properly checking that the user successfully
> authenticated (either through a password bind or a GSSAPI bind) we were
> not enforcing the requirement to provide us with the old password, and
> this is better security hygiene.
>
> Fixes: https://fedorahosted.org/freeipa/ticket/1814
>
> Tested and works for me.
>
> Properly requires old password for self password changes. Do not require
> it for admin password changes.
>
> Simo.
>
ack, pushed to master and ipa-2-1
rob