The currently assumption is that all IPA users can login into Unix/Linux 
machines to change their IPA password, or reset their expired password. 

 But this is not available all the time, so a more general alternative -- web 
UI -- will be more appreciated. The basic requirements are:

 1, The web UI accept user's passwords, expired is also accepted.
 2, the authentication is based on IPA Kerberos.

 3, authenticated regular IPA user can only reset his/her password only.

 4, (bonus) authenticated admin users can alter other users' password as well.


Freeipa-devel mailing list

Reply via email to