On ma, 18 maalis 2019, Mateusz O via FreeIPA-users wrote:
Hello,
I want to gave users possibility to change their password, but when I
log in using user from ipausers group I can view others account and
reset their passwords. How to block it? I wan to set everything to
block a normal user from group ipausers view others account (he's able
to see only his account) and reset only his password.
See
https://lists.fedorahosted.org/archives/list/[email protected]/thread/ZL6AOUX3NO6PLHFHLN4V5ZRK2DQIHN52/
Can you expand a bit on the second part of your question? A user other
than being a member of a role that allows to reset others' passwords
cannot reset anyone's but his/her own password.
There is a helpdesk role that gives access to the 'Modify Users and
Reset passwords' privilege. May be your users are members of a such
role?
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
