> > As Sumit said, the self-service page currently requires kerberos so > you'd have to get a TGT first which means you need a valid password. > > This may not be too difficult to do in a web form (SSL protected, of > course). You should be able to create a non-kerberos auth page that > prompts for username, old and new password and a submit button. You > could pass this onto a a simple backend that does an LDAP bind as the > user with the old password then use ldap_passwd() to set the new > password.
Is there anything we can leverage from what Pavel has done with non kerberos migration page? I know this is a completely different case under the hood but for end user they seem pretty similar so may be there is a way to take advantage of what Pavel already implemented. -- Thank you, Dmitri Pal Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users