diff options
author | Jan Pazdziora <jpazdziora@redhat.com> | 2015-04-24 10:16:06 +0200 |
---|---|---|
committer | Jan Pazdziora <jpazdziora@redhat.com> | 2015-04-24 10:16:06 +0200 |
commit | 2de8600b1118e3632eae41bcbeb9f0393178ab55 (patch) | |
tree | b096295d3533024c714ec7aa9fedb8575be009bf /README | |
parent | db6c9f4a414ed19419c1405854cd8da1e18e819f (diff) | |
download | mod_authnz_pam-2de8600b1118e3632eae41bcbeb9f0393178ab55.tar.gz mod_authnz_pam-2de8600b1118e3632eae41bcbeb9f0393178ab55.tar.xz mod_authnz_pam-2de8600b1118e3632eae41bcbeb9f0393178ab55.zip |
Add support for AuthPAMExpiredRedirect, to redirect to URL where user can reset their password.
Diffstat (limited to 'README')
-rw-r--r-- | README | 14 |
1 files changed, 13 insertions, 1 deletions
@@ -68,6 +68,18 @@ tlwiki example, file /etc/pam.d/tlwiki could be created with content to authenticate against sssd. +Handling expired password: + + AuthPAMExpiredRedirect <URL> + +For both the authorization and HTTP Basic authentication case, if the +password the user has presented has expired (PAM return codes +PAM_CRED_EXPIRED or PAM_NEW_AUTHTOK_REQD), when AuthPAMExpiredRedirect +is specified with a URL, redirect is made to that locations. For +FreeIPA server, the setting would be + + AuthPAMExpiredRedirect https://<IPA-server>/ipa/ui/reset_password.html + On SELinux enabled systems, boolean allow_httpd_mod_auth_pam needs to be enabled: @@ -85,7 +97,7 @@ should build and install the module. License ------- -Copyright 2014 Jan Pazdziora +Copyright 2014--2015 Jan Pazdziora Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. |