blob: 5bcdd6ca701db7c27a70c6908cc65b1d522d9705 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
* Handle KRB5_KDB_REQUIRES_PWCHANGE in entry->attributes so that ipa-pwd-extop
can use it too.
* Change ipa-pwd-extop to be able to properly read a krbMKey with multiple values
* In change_pwd properly handle keepold if mkvno differs
Pwd change behavior and kadmind/kadmin.local:
* How to detect/allow password changes for users based on ACIs in LDAP ?
CANNOT, Only own password changes will be allowed
* How to allow admin to always change pw but mark the pw as expired ?
NOT via kadmin
FUTURE:
add code to handle change of masterkey by adding new krbMKey and having
ipa-pwd-extop start a task to re-encode keys. Possibly do that with a special
extended operation.
|