Simo Sorce wrote:
Although we were properly checking that the user successfully
authenticated (either through a password bind or a GSSAPI bind), we were
not enforcing the requirement to provide us with the old password, and
this is better security hygiene.

Fixes: https://fedorahosted.org/freeipa/ticket/1814

Tested and works for me.

Properly requires old password for self password changes. Do not require
it for admin password changes.

Simo.


ack, pushed to master and ipa-2-1

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
