Hi James,
I'd add the list of question for just the basic authn_ldap - how do we
support changing samba passwords as well? I know of a number of groups
that use unix and samba passwords in their ldap tree's and as a result the
2 hashes have to be kept in sync with smbpasswd or similar.
Do we want to support AD password changes as well? This gets into a huge
ball of wax which even PAM has had problems with in the past.
I think it makes sense for the configfile method to be changeable via the
web, but other than that, we probably should just add a stub in the other
methods to say "doesn't support changes" or allow the admin to put up a
nice "go <a href=http://singlesignonsite.example.com>here</a> to change
your password"
Just my $0.02
James
On Sun, Oct 30, 2011 at 11:40 PM, James Cammarata <jimi(a)sngx.net> wrote:
commit 29c23fd272cb42650025736d25d7252f67031b54
Author: James Cammarata <jimi(a)sngx.net>
Date: Mon Oct 31 01:34:50 2011 -0500
Adding support for changing passwords from the web interface.
Currently supports authn_configfile only.
As it says above, so far I've only added this to authn_configfile. It
should be possible to add it to any authn module, the only question
being should we? Do we want to allow LDAP users to change their
password from cobbler's interface, or those using pass through? Maybe
we'd need to make this a configurable option, so people can allow that
for any given module if they want?
Anyway, this is just in my github for now, I'll probably move it to
master before long. I have some questions about stability, for
instance is the rewrite of the digest file thread safe? Will multiple
users hitting it from the web interface at the same time cause
problems? Should we make a backup of the digest file just in case
there's an error writing it, so we can revert the change? Things like
that.
_______________________________________________
cobbler-devel mailing list
cobbler-devel(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/cobbler-devel