Re: [Freeipa-users] Change Password From Web App
On Wed, 2009-08-12 at 13:30 +0200, Mark Hannessen wrote:
> Thank you very much,
> Sounds perfect to me.
>
> I am however still running into a problem.
> I tried changing the password using MD5
>
> $coded = array('userpassword' => "{MD5}" . base64_encode( pack( "H*", md5(
> $newpassword ) ) ) );
>
> And using CLEAR
>
> $coded = array('userpassword' => "{CLEAR}$newpassword");
>
> But both resulted into my user not being able to login in anymore.
> What kind of input does freeipa expect for userpassword?
The preferred method for changing the password is to use the
ldappassword operation.
Alternatively just add the plaintext password w/o any prefix.
Simo.
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Change Password From Web App
Thank you very much,
Sounds perfect to me.
I am however still running into a problem.
I tried changing the password using MD5
$coded = array('userpassword' => "{MD5}" . base64_encode( pack( "H*", md5(
$newpassword ) ) ) );
And using CLEAR
$coded = array('userpassword' => "{CLEAR}$newpassword");
But both resulted into my user not being able to login in anymore.
What kind of input does freeipa expect for userpassword?
Kind Regards,
Mark Hannessen
On Tuesday 11 August 2009 04:26:28 pm Rob Crittenden wrote:
> Mark Hannessen wrote:
> > Hi List,
> >
> > Does anyone know if it is possible to change the password of a use from
> > an web application other then FreeIPA itself?
> >
> > In some of the web apps we have we want to integrate the ability for
> > users to change their password. But since FreeIPA uses kerberos as well,
> > i am not sure how safe it would be to do this directly through LDAP.
> >
> > Does anyone have any hints on how to best approach this?
>
> Whenever a password is changed we update all passwords (LDAP, kerberos,
> etc). So you can do a password change over LDAP and this will also
> update the kerberos key.
>
> If you change another user's password (e.g. admin reset) then that user
> will need to change their password on the first kinit. You can change
> your own password without requiring a reset.
>
> rob
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Change Password From Web App
Mark Hannessen wrote: Hi List, Does anyone know if it is possible to change the password of a use from an web application other then FreeIPA itself? In some of the web apps we have we want to integrate the ability for users to change their password. But since FreeIPA uses kerberos as well, i am not sure how safe it would be to do this directly through LDAP. Does anyone have any hints on how to best approach this? Whenever a password is changed we update all passwords (LDAP, kerberos, etc). So you can do a password change over LDAP and this will also update the kerberos key. If you change another user's password (e.g. admin reset) then that user will need to change their password on the first kinit. You can change your own password without requiring a reset. rob smime.p7s Description: S/MIME Cryptographic Signature ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] Change Password From Web App
Hi List, Does anyone know if it is possible to change the password of a use from an web application other then FreeIPA itself? In some of the web apps we have we want to integrate the ability for users to change their password. But since FreeIPA uses kerberos as well, i am not sure how safe it would be to do this directly through LDAP. Does anyone have any hints on how to best approach this? Kind Regards, Mark Hannessen ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] Change Password From Web App
Hi List, Does anyone know if it is possible to change the password of a use from an web application other then FreeIPA itself? In some of the web apps we have we want to integrate the ability for users to change their password. But since FreeIPA uses kerberos as well, i am not sure how safe it would be to do this directly through LDAP. Does anyone have any hints on how to best approach this? Kind Regards, Mark Hannessen ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
