On Jul 11, 2012, at 3:23 PM, Dmitri Pal wrote:

On 07/11/2012 06:15 PM, JR Aquino wrote:
Note that this is also a future feature planned for 3.x

https://fedorahosted.org/freeipa/ticket/2276


Slightly different issue. This ticket is about allowing you to change
your password when it is expired when one logs into the web UI.
It is a more narrow use case than the mentioned utility.



Hrm. While the pwm tool DOES offer a great deal of other really cool looking 
features, it looks like it was only cited as an example in the BZ, and that the 
core problem described was "self password reset without ssh/kerb/etc".  The 
corresponding fix also seems to implement only that one feature.

I am interested in the other features that pwm advertises though!  Perhaps I 
will get a free moment to test it out and report back on compatibility.

<BZ snipit>
Benjamin Reed <ran...@opennms.org> 2011-09-30 14:06:31 EDT

Not a bug per se, but an enhancement request.

While it's possible for a user to reset their own password, it currently 
requires being hooked into some level of "real" account access, like SSH'ing in 
or providing kerberos credentials.  We are using FreeIPA to provide a 
user-management backend for web-based services we are providing to our 
customers, and don't want them to have to configure Kerberos, or SSH into an 
account, just to set their password.

It would be nice to have a "password reset" tool that is accessible securely 
(like over HTTPS) which doesn't require special credentials other than 
knowledge of the existing username and password.  One such example I'll be 
evaluating since there is no built-in facility for this is PWM:

</BZ snipit>

^ That sounds like needing an HTTPS interface to perform self password resets 
on accounts that are expired :)

The detailed notes in the corresponding FreeIPA ticket seem to be in parallel 
as well:

https://fedorahosted.org/freeipa/ticket/1907


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jr Aquino | Sr. Information Security Specialist
GIAC Certified Incident Handler | GIAC WebApp Penetration Tester
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
T: +1 805.690.3478
C: +1 805.717.0365
jr.aqu...@citrixonline.com
http://www.citrixonline.com

On Jul 11, 2012, at 11:59 AM, KodaK wrote:

Has anyone rolled out a self-service password reset utility for IPA?
If so did you use something off the shelf that speaks LDAP or roll
your own?

I'm looking at this:

http://code.google.com/p/pwm/

But I'm just starting down this path.

Thanks,

--Jason

--
The government is going to read our mail anyway, might as well make it
tough for them.  GPG Public key ID:  B6A1A7C6

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users




--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

