[Freeipa-users] Library to change expired password
Rob Crittenden
rcritten at redhat.com
Fri Oct 30 14:43:44 UTC 2009
Dmitri Pal wrote:
>> As Sumit said, the self-service page currently requires kerberos so
>> you'd have to get a TGT first which means you need a valid password.
>>
>> This may not be too difficult to do in a web form (SSL protected, of
>> course). You should be able to create a non-kerberos auth page that
>> prompts for username, old and new password and a submit button. You
>> could pass this onto a a simple backend that does an LDAP bind as the
>> user with the old password then use ldap_passwd() to set the new
>> password.
>
> Is there anything we can leverage from what Pavel has done with non
> kerberos migration page?
> I know this is a completely different case under the hood but for end
> user they seem pretty similar
> so may be there is a way to take advantage of what Pavel already
> implemented.
>
>
It is certainly similar in principal. I need to review Pavel's work a
bit more to determine how much could be leveraged.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20091030/e6dea526/attachment.bin>
More information about the Freeipa-users
mailing list