diff options
author | Martin Kosek <mkosek@redhat.com> | 2012-06-06 14:38:08 +0200 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-06-11 23:07:03 -0400 |
commit | d1e695b5d0323167d37eee340718eb5e65138716 (patch) | |
tree | eca31d880051605493df2f6f09cba6730c8f33f0 /ipaserver/plugins/xmlserver.py | |
parent | 34a1dee93420805ba48fbe077b4e2a8cea351151 (diff) | |
download | freeipa-d1e695b5d0323167d37eee340718eb5e65138716.tar.gz freeipa-d1e695b5d0323167d37eee340718eb5e65138716.tar.xz freeipa-d1e695b5d0323167d37eee340718eb5e65138716.zip |
Password change capability for form-based auth
IPA server web form-based authentication allows logins for users
which for some reason cannot use Kerberos authentication. However,
when a password for such users expires, they are unable change the
password via web interface.
This patch adds a new WSGI script attached to URL
/ipa/session/change_password which can be accessed without
authentication and which provides password change capability
for web services.
The actual password change in the script is processed by LDAP
password change command.
Password result is passed both in the resulting HTML page, but
also in HTTP headers for easier parsing in web services:
X-IPA-Pwchange-Result: {ok, invalid-password, policy-error, error}
(optional) X-IPA-Pwchange-Policy-Error: $policy_error_text
https://fedorahosted.org/freeipa/ticket/2276
Diffstat (limited to 'ipaserver/plugins/xmlserver.py')
-rw-r--r-- | ipaserver/plugins/xmlserver.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ipaserver/plugins/xmlserver.py b/ipaserver/plugins/xmlserver.py index 4ae914950..bd9eb1fdf 100644 --- a/ipaserver/plugins/xmlserver.py +++ b/ipaserver/plugins/xmlserver.py @@ -25,10 +25,11 @@ Loads WSGI server plugins. from ipalib import api if 'in_server' in api.env and api.env.in_server is True: - from ipaserver.rpcserver import wsgi_dispatch, xmlserver, jsonserver_kerb, jsonserver_session, login_kerberos, login_password + from ipaserver.rpcserver import wsgi_dispatch, xmlserver, jsonserver_kerb, jsonserver_session, login_kerberos, login_password, change_password api.register(wsgi_dispatch) api.register(xmlserver) api.register(jsonserver_kerb) api.register(jsonserver_session) api.register(login_kerberos) api.register(login_password) + api.register(change_password) |