Dmitri Pal wrote:
As Sumit said, the self-service page currently requires Kerberos so
you'd have to get a TGT first which means you need a valid password.

This may not be too difficult to do in a web form (SSL protected, of
course). You should be able to create a non-Kerberos auth page that
prompts for username, old and new password and a submit button. You
could pass this onto a simple backend that does an LDAP bind as the
user with the old password then use ldap_passwd() to set the new
password.

Is there anything we can leverage from what Pavel has done with the
non-Kerberos migration page?
I know this is a completely different case under the hood, but for the
end user they seem pretty similar, so maybe there is a way to take
advantage of what Pavel already implemented.



It is certainly similar in principle. I need to review Pavel's work a bit more to determine how much could be leveraged.

rob
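
The backend suggested in the quoted text above (bind as the user with the old password, then set the new one), sketched as an added example that is not part of the original message or of FreeIPA's code. Assumptions: python-ldap's `passwd_s` stands in for `ldap_passwd()`, and the host `ipa.example.com`, the suffix `dc=example,dc=com`, the username pattern and the `connect` hook are placeholders chosen for illustration.

```python
import re

# Assumption: FreeIPA's default user container under a placeholder suffix.
USER_DN = "uid={uid},cn=users,cn=accounts,dc=example,dc=com"
# Allowlist keeps DN metacharacters (, = + \ ") out of the bind DN.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")


class PasswordChangeError(Exception):
    """Carries a message that is safe to show on the web form."""


def default_connect(uri):
    # python-ldap is imported lazily; use an ldaps:// URI so the bind
    # password never crosses the network in clear text.
    import ldap
    return ldap.initialize(uri)


def change_password(username, old_pw, new_pw,
                    uri="ldaps://ipa.example.com", connect=default_connect):
    """Bind as the user with the old password, then set the new one."""
    # fullmatch, not match with "$": "$" would accept a trailing newline.
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        raise PasswordChangeError("invalid username")
    # A simple bind with an empty password is an RFC 4513 "unauthenticated
    # bind"; servers may treat it as anonymous success, so reject it here.
    if not old_pw or not new_pw:
        raise PasswordChangeError("passwords must not be empty")
    dn = USER_DN.format(uid=username)
    conn = connect(uri)
    try:
        conn.simple_bind_s(dn, old_pw)      # proves knowledge of old password
        conn.passwd_s(dn, old_pw, new_pw)   # RFC 3062 Password Modify
    except Exception:
        # One generic message for unknown user, wrong password and policy
        # rejection; log the real error server-side instead of returning it.
        raise PasswordChangeError("password change failed") from None
    finally:
        conn.unbind_s()
    return dn
```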
