#4 [RFE] Support password change operation in the compat tree
Opened 5 years ago by mkosek. Modified 2 years ago

FreeIPA uses slapi-nis compat tree so that the legacy hosts (without recent SSSD) can be configured to use LDAP authentication to authenticate IPA or AD users from trusted AD domains:

http://www.freeipa.org/page/V3/Serving_legacy_clients_for_trusts

Password change should work both for IPA clients and AD clients. As we have enough attributes in the synthesized entry to distinguish
IPA user from an AD user, we can try to add password modify callback
that uses PAM stack. It doesn't need pam_passthru.


Login to comment on this ticket.

Metadata