[Freeipa-devel] [PATCH] #1814 Enforce old password requirement in ldappasswd operations

Simo Sorce simo at redhat.com
Fri Sep 16 21:30:17 UTC 2011


Although we were properly checking that the user successfully
authenticated (either through a password bind or a GSSAPI bind) we were
not enforcing the requirement to provide us with the old password, and
this is better security hygiene.

Fixes: https://fedorahosted.org/freeipa/ticket/1814

Tested and works for me.

Properly requires old password for self password changes. Do not require
it for admin password changes.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-ipa-pwd-extop-Enforce-old-password-checks.patch
Type: text/x-patch
Size: 3547 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110916/bf0e579e/attachment.bin>


More information about the Freeipa-devel mailing list