We use ipa on our red hat boxes and have recently installed a SAS suite/servers 
for a contract.  Their users are a mix of internal/external associates.  
Integrating with this ipa was straight-forward.  Their application is able to 
use pam, but their logon manager is limited as it does not support ids that 
have expired or need reset.  For security reason, some which are IDM UI 
related, we cannot expose the web app for those users to reset their passwords. 
 So investigating a little bit, we found a few options but I wanted to solicit 
any feedback for anyone who has been there done that.



We have the process working via the /ipa/session/change_password via a python 
script which we could form feed.  At the same time I see that there is already 
a reset_password form, javascript created.  So I don't know that this is even 
necessary.  However, I have found that hosting those in a web server isn't 
working and one person believes that could be related to the wrong ldap 
hostname.



Anyway just wanted to see if anyone has faced this before. Thanks.



Shaun McAdams
National Government Services
Health IT : CPI-Predictive Modeling
(o) - 317.595.4905 / x2004905
(c) - 317.430.9845



CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information or otherwise be protected by law. Any
unauthorized review, use, disclosure or distribution is prohibited. If you
are not the intended recipient, please contact the sender by reply e-mail
and destroy all copies of the original message.

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to