On Fri, Jan 16, 2015 at 02:56:42PM -0500, Boris Epstein wrote: > I guess the question still remains, what is the rational behind me being > unable > to do so just as a user with admin privileges.
RT requires an admin password to change another password so that nobody can trick you into clicking on a link that would change (say root's) password. This was further mitigated by CSRF protections, but still seems like a reasonable security precaution. RT does not know your password when you use RT-Authen-ExternalAuth, thus it cannot require you to enter it. RT-Authen-ExternalAuth could be extended to make that additional query and support it, however, that's nontrivial development and not currently planned. If it's something you require, patches are welcome, or I'm happy to put you in touch with sales. -kevin > Here is a discussion I found on the topic: > > [5]http://www.gossamer-threads.com/lists/rt/users/99177
pgpZLmG_o_jUi.pgp
Description: PGP signature