author Jan Pazdziora <jpazdziora@redhat.com> 2015-04-24 10:16:06 +0200
committer Jan Pazdziora <jpazdziora@redhat.com> 2015-04-24 10:16:06 +0200
commit 2de8600b1118e3632eae41bcbeb9f0393178ab55 (patch)
tree b096295d3533024c714ec7aa9fedb8575be009bf /README
parent db6c9f4a414ed19419c1405854cd8da1e18e819f (diff)
download mod_authnz_pam-2de8600b1118e3632eae41bcbeb9f0393178ab55.tar.gz
mod_authnz_pam-2de8600b1118e3632eae41bcbeb9f0393178ab55.tar.xz
mod_authnz_pam-2de8600b1118e3632eae41bcbeb9f0393178ab55.zip
Add support for AuthPAMExpiredRedirect, to redirect to URL where user can reset their password.
Diffstat (limited to 'README')
-rw-r--r-- README 14
1 files changed, 13 insertions, 1 deletions
diff --git a/README b/README
index 016d8d2..3f5d8e9 100644
--- a/README
+++ b/README
@@ -68,6 +68,18 @@ tlwiki example, file /etc/pam.d/tlwiki could be created with content
to authenticate against sssd.
+Handling expired password:
+
+ AuthPAMExpiredRedirect <URL>
+
+For both the authorization and HTTP Basic authentication case, if the
+password the user has presented has expired (PAM return codes
+PAM_CRED_EXPIRED or PAM_NEW_AUTHTOK_REQD), when AuthPAMExpiredRedirect
+is specified with a URL, redirect is made to that locations. For
+FreeIPA server, the setting would be
+
+ AuthPAMExpiredRedirect https://<IPA-server>/ipa/ui/reset_password.html
+
On SELinux enabled systems, boolean allow_httpd_mod_auth_pam needs to
be enabled:
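Review bot: The added paragraph does not say what happens on PAM_CRED_EXPIRED or PAM_NEW_AUTHTOK_REQD when AuthPAMExpiredRedirect is not set, so a reader cannot tell whether the request is rejected as an ordinary authentication failure; one sentence on that default would close the gap. In the same paragraph, "redirect is made to that locations" should read "that location". Since the target is a password reset page, it is also worth saying that the URL should be https, as the FreeIPA example already is.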
@@ -85,7 +97,7 @@ should build and install the module.
License
-------
-Copyright 2014 Jan Pazdziora
+Copyright 2014--2015 Jan Pazdziora
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
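Review bot: The copyright line writes the year range as "2014--2015" with a double hyphen, which reads as TeX markup in a plain-text README; "2014-2015" would be the usual form for a plain-text notice.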