[Freeipa-users] delegation questions: how to reset password for subordinate?
David Copperfield
cao2dan at yahoo.com
Sat Dec 29 00:26:05 UTC 2012
Hi Simo,
That works perfectly. Thanks a lot.
--David
________________________________
From: Simo Sorce <simo at redhat.com>
To: David Copperfield <cao2dan at yahoo.com>
Cc: "freeipa-users at redhat.com" <freeipa-users at redhat.com>
Sent: Friday, December 28, 2012 5:51 AM
Subject: Re: [Freeipa-users] delegation questions: how to reset password for subordinate?
On Wed, 2012-12-26 at 15:57 -0800, David Copperfield wrote:
> Hi all,
>
>
> What are the user attributes that A manager should be granted with
> read&write permissions to reset passwords for subordinate employees?
> The typical implementation case: managers need to take care of
> password reset requests for their subordinate employees.
>
>
> I select 'userpassword' field the first time but it fails, then
> combine it with other a few krb* fields but those don't help neither.
>
>
> If you have the minimum field combinations to make the 'password
> changing' delegation work, please feel free to post your results here.
> Presently I just select ALL fields with read&right permissions to make
> it work, but that definitely is a over kill and hurts privacy
> potentially.
You need write access to at least userPassword and krbPrincipalKey.
Simo.
P.S. David, please do not start a new thread by replying to old mails.
--
Simo Sorce * Red Hat, Inc * New York
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20121228/781efd46/attachment.htm>
More information about the Freeipa-users
mailing list