Need an alternative to the IdM UI for users to change/reset passwords

Using RHEL 7.4, I have set up a replicating pair of IdM servers to manage the authentication within a system. Users of the system need only interact directly with IdM when changing their password or when requesting a password reset. Whilst these capabilities are available via the IdM UI, the transparent nature of the LDAP Directory Server means that a logged-on user sees not only their own personal information but also that of other users. This is a big problem for us as it contravenes our security protocol; no user should be able to see any information pertaining to another.

As the UI cannot be configured to hide other users' information, can anyone recommend an alternative method for users to change/reset their passwords?

Responses

Something like https://github.com/pwm-project/pwm/?

Hi Klaas, yes, something like pwm but much lighter - either accessed via a browser or maybe a console on the server that can be viewed using RDP.

https://www.freeipa.org/page/Self-Service_Password_Reset it is not planned to be included. Besides pwm there seem to be a few more projects:
https://github.com/larrabee/freeipa-password-reset
https://github.com/ubccr/mokey
Or you write something yourself that fits your exact needs.

Thanks for the pointers Klaas, I'll take a look.
