Fwd: [Freeipa-users] Library to change expired password

Dan Scott danieljamesscott at gmail.com
Mon Nov 2 03:26:36 UTC 2009


On Sat, Oct 31, 2009 at 12:50, Simo Sorce <ssorce at redhat.com> wrote:
> On Fri, 2009-10-30 at 18:16 -0400, Dan Scott wrote:
>> OK, that makes sense, thanks. But there's still one thing I don't
>> really understand. How do the ipa tools obtain a ticket for the RPC
>> when the password has expired?
>
> They don't, password change is done via kpasswd (or direct connection to
> ldap and ldappasswd operation).

So kpasswd can alter the LDAP directory without a ticket?

Let me check to see if I've got this straight. There are no
IPA-specific tools for changing an expired password? It can be done using
kpasswd (which I really don't understand) or with a simple LDAP bind
where the expired password is used for binding? Further, there is no
Python library for changing the expired password? Is the above
correct?

The only way that I can see at the moment is to 'manually' alter the
LDAP directory, i.e. hash the password myself and insert it into the
database. Could someone point me in the right direction for the cn and
hashing algorithm I need to use?

Thanks again for all the replies,

Dan
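
The "ldappasswd operation" named in the quoted reply is the LDAP Password Modify extended operation (RFC 3062). The following is an added example, not part of the original message and not FreeIPA code: it encodes and decodes the request value, showing that the client sends the new password itself rather than a pre-computed hash. The DN and passwords are constructed samples, and nothing here contacts a server.

```python
# Added example: RFC 3062 Password Modify request value (BER); runs offline.
PASSWD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1"
FIELDS = {0x80: "userIdentity", 0x81: "oldPasswd", 0x82: "newPasswd"}

def tlv(tag: int, value: bytes) -> bytes:
    """One BER element: short-form length below 128, long form otherwise."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + value

def passwd_modify_value(user_dn=None, old_pw=None, new_pw=None) -> bytes:
    """SEQUENCE of optional [0] userIdentity, [1] oldPasswd, [2] newPasswd."""
    items = zip(FIELDS, (user_dn, old_pw, new_pw))
    body = b"".join(tlv(t, v.encode("utf-8")) for t, v in items if v is not None)
    return tlv(0x30, body)

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos); reject truncated or indefinite lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def decode_passwd_modify_value(value: bytes) -> dict:
    """Inverse of passwd_modify_value, for checking what a client would send."""
    tag, body, end = read_tlv(value, 0)
    if tag != 0x30 or end != len(value):
        raise ValueError("expected one SEQUENCE")
    out, pos = {}, 0
    while pos < len(body):
        tag, item, pos = read_tlv(body, pos)
        out[FIELDS[tag]] = item.decode("utf-8")  # KeyError on unknown tag
    return out
```

Because both passwords travel as plain octet strings, the operation should only be sent over TLS or an equivalent protected channel. python-ldap exposes the same operation as `passwd_s(user, oldpw, newpw)`.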



