[Freeipa-users] Allow freeipa send password to user
Simo Sorce
simo at redhat.com
Thu Feb 20 13:05:15 UTC 2014
On Thu, 2014-02-20 at 11:29 +0100, Jan Pazdziora wrote:
> On Tue, Feb 18, 2014 at 04:44:30PM -0500, Dmitri Pal wrote:
> > On 02/17/2014 10:51 PM, barrykfl at gmail.com wrote:
> > >Is it possible to set allow password to send to user after user request.
> > >
> > >I used one of the self password service pwm but it seem it is not
> > >compatible to retriveal of password
> > >using cert request / Answer and questions retrieval
> >
> > Passwords can't be sent to the user. You can using administrative
> > account set a new password (i.e. do an admin reset) and send it to
> > the user but then user will be asked to change it on the first
> > authentication.
>
> Since I've heard the requirement for no password change forced on user
> upon their first login from multiple sides, I wonder if the current
> behaviour stems from some technical reason or if it's just a security
> approach which the FreeIPA admins should be able to override.
It is a security measure, and also quite easy to work around.
Working it around is left as an exercise to the reader.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list