[Freeipa-users] self service password reset

JR Aquino JR.Aquino at citrix.com
Wed Jul 11 23:16:47 UTC 2012


On Jul 11, 2012, at 3:23 PM, Dmitri Pal wrote:

On 07/11/2012 06:15 PM, JR Aquino wrote:
Note that this is also a future feature planned for 3.x

https://fedorahosted.org/freeipa/ticket/2276


Slightly different issue. This ticket is about allowing you to change
your password when it is expired when one logs into the web UI.
It is a more narrow use case than the mentioned utility.



Hrm. While the pwm tool DOES offer a great deal of other really cool looking features, it looks like it was only cited as an example in the BZ, and that the core problem described was "self password reset without ssh/kerb/etc". The corresponding fix also seems to implement only that one feature.

I am interested in the other features that pwm advertises though!  Perhaps I will get a free moment to test it out and report back on compatibility.

<BZ snipit>
Benjamin Reed <ranger at opennms.org> 2011-09-30 14:06:31 EDT

Not a bug per se, but an enhancement request.

While it's possible for a user to reset their own password, it currently requires being hooked into some level of "real" account access, like SSH'ing in or providing kerberos credentials.  We are using FreeIPA to provide a user-management backend for web-based services we are providing to our customers, and don't want them to have to configure Kerberos, or SSH into an account, just to set their password.

It would be nice to have a "password reset" tool that is accessible securely (like over HTTPS) which doesn't require special credentials other than knowledge of the existing username and password.  One such example I'll be evaluating since there is no built-in facility for this is PWM:

</BZ snipit>

^ That sounds like needing an HTTPS interface to perform self password resets on accounts that are expired :)

The detailed notes in the corresponding FreeIPA ticket seem to be in parallel as well:

https://fedorahosted.org/freeipa/ticket/1907


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jr Aquino | Sr. Information Security Specialist
GIAC Certified Incident Handler | GIAC WebApp Penetration Tester
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
T: +1 805.690.3478
C: +1 805.717.0365
jr.aquino at citrixonline.com
http://www.citrixonline.com

On Jul 11, 2012, at 11:59 AM, KodaK wrote:

Has anyone rolled out a self-service password reset utility for IPA?
If so did you use something off the shelf that speaks LDAP or roll
your own?

I'm looking at this:

http://code.google.com/p/pwm/

But I'm just starting down this path.

Thanks,

--Jason

--
The government is going to read our mail anyway, might as well make it
tough for them.  GPG Public key ID:  B6A1A7C6

_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users



--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

