Hi all,

 What are the user attributes that A manager should be granted with read&write 
permissions to reset passwords for subordinate employees? The typical 
implementation case: managers need to take care of password reset requests for 
their subordinate employees.

 I select 'userpassword' field the first time but it fails, then combine it 
with other a few krb* fields but those don't help neither.

 If you have the minimum field combinations to make the 'password changing' 
delegation work, please feel free to post your results here. Presently I just 
select ALL fields with read&right permissions to make it work, but that 
definitely is a over kill and hurts privacy potentially.


Freeipa-users mailing list

Reply via email to