Use case:
User forgets his password, he needs to be a given a way to log in using some kind of a temporary code so that he can reset his password in a secure way without calling a help desk.
Feature should be available in UI and CLI. Feature should be turned off by default and require administrator to explicitly enable it.
For more information see: https://www.redhat.com/archives/freeipa-users/2013-May/msg00040.html
Note: this requirement can probably be solved by integrating with solutions like Telesign or PhoneFactor
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1084107 (Red Hat Enterprise Linux 6)
FreeIPA team reviewed recent request for a self-service password reset functionality and decided not to implement the feature to be part of core FreeIPA. Self-service password reset solutions do not meet the level of security required by FreeIPA and we would rather like to see it as a 3rd party integration projects.
A wiki page with full reasoning can be found at our wiki: http://www.freeipa.org/page/Self-Service_Password_Reset
Metadata Update from @dpal: - Issue assigned to someone - Issue set to the milestone: Ticket Backlog
Login to comment on this ticket.