Yuri Krysko via FreeIPA-users wrote:
Hello All,
I am familiar with the approach laid out in
https://www.freeipa.org/page/Self-Service_Password_Reset and how we
should use 3^rd -party password reset tools. I’d like to clarify why the
Change Password link is present in user’s profile, as well as admin
users may try to reset their password from Active Users -> <user> ->
Actions -> Reset Password. Also, there’s a way to grant, as I understand
it, write access to various password-related attributes via RBAC -> Self
Service Permissions, which should enable users to update these
attributes. Could someone please clarify if I should be able to change
my own password using UI considering the above?
Yes, a user can change their own password.
An administrative reset requires a user to change it so that only the
user knows their final password.
rob