[
https://issues.apache.org/jira/browse/AMBARI-25238?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Balázs Bence Sári resolved AMBARI-25238.
----------------------------------------
Resolution: Duplicate
Duplicate of AMBARI-25201
> Updating a user's password does not validate the administrator's current
> password.
> ----------------------------------------------------------------------------------
>
> Key: AMBARI-25238
> URL: https://issues.apache.org/jira/browse/AMBARI-25238
> Project: Ambari
> Issue Type: Bug
> Affects Versions: 2.7.0
> Reporter: Balázs Bence Sári
> Assignee: Balázs Bence Sári
> Priority: Major
> Fix For: 2.7.4
>
>
> When updating a user's password as an Ambari Administrator via the UI, the
> acting administrator user is prompted for their password...
> The password is never validated by the backend to end sure it is correct for
> the acting user. To keep consistency with 2.6 line, the password of the
> acting user should be verified.
> The current implementation does require that if the acting user is not an
> Ambari Administrator user, the acting user may only change their own password
> and must supply their current password as well as the new password:
> Example:
> {noformat}
> curl -H "X-Requested-By:ambari" -u user_a:hadoop -X PUT -d '{ "Users" : {
> "old_password" : "hadoop", "password" : "hadoop_1234" } }'
> http://localhost:8080/api/v1/users/user_a
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
