The currently assumption is that all IPA users can login into Unix/Linux 
machines to change their IPA password, or reset their expired password. 

 But this is not available all the time, so a more general alternative -- web 
UI -- will be more appreciated. The basic requirements are:

 1, The web UI accept user's passwords, expired is also accepted.
 
 2, the authentication is based on IPA Kerberos.

 3, authenticated regular IPA user can only reset his/her password only.

 4, (bonus) authenticated admin users can alter other users' password as well.


Thanks.

--Gelen
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to