d1e695b Password change capability for form-based auth

5 files Authored by mkosek 11 years ago, Committed by rcritten 11 years ago,
    Password change capability for form-based auth
    
    IPA server web form-based authentication allows logins for users
    which for some reason cannot use Kerberos authentication. However,
    when a password for such users expires, they are unable change the
    password via web interface.
    
    This patch adds a new WSGI script attached to URL
    /ipa/session/change_password which can be accessed without
    authentication and which provides password change capability
    for web services.
    
    The actual password change in the script is processed by LDAP
    password change command.
    
    Password result is passed both in the resulting HTML page, but
    also in HTTP headers for easier parsing in web services:
      X-IPA-Pwchange-Result: {ok, invalid-password, policy-error, error}
      (optional) X-IPA-Pwchange-Policy-Error: $policy_error_text
    
    https://fedorahosted.org/freeipa/ticket/2276
    
        
file modified
+7 -1
file modified
+107 -1