openstack team mailing list archive

[Rafael Durán Castañeda <rafadurancastaneda@xxxxxxxxx>]

On 06/07/2012 01:24 AM, Sam Morrison wrote:
> Hi,
>
> There has been a first attempt at this in keystone.
>
> See https://review.openstack.org/#/c/7437/
> And bug: https://bugs.launchpad.net/keystone/+bug/996922
>
> It needs more work to make it secure though.
>
> Cheers,
> Sam
>
>
>
> On Thu, Jun 7, 2012 at 7:13 AM, Kiall Mac Innes<kiall@xxxxxxxxxxxx>  wrote:
> > On Wed, Jun 6, 2012 at 7:55 PM, Gabriel Hurley<Gabriel.Hurley@xxxxxxxxxx>
> > wrote:
> > > Feel free to have at it with them again. ;-)
> >
> > Feel free to add my +1 next time it comes up! Users being unable to change
> > their own passwords simply seems wrong to me!
> >
> > Thanks,
> > Kiall
> >
> >
> > _______________________________________________
> > Mailing list: https://launchpad.net/~openstack
> > Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> > Unsubscribe : https://launchpad.net/~openstack
> > More help   : https://help.launchpad.net/ListHelp
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
V3 API is being drafted if you have any suggestion go to the google doc 
and/or the keystone meeting. However I don't think it's really needed 
users being able to change their own password. At BVOX (my company), we 
allow the user change passwords without problem, we just need a valid email:
* Form to get the email
* Check a user with that email exists (application admin k-token needed)
* Create a dr-token, send email with a link including the dr-token 
(django-registration based workflow)
* Form to get the new password (here the dr-token identifies the user)
* Update the password (application admin k-token needed)

dr-token = django-registration token
k-token = keystone token

https://docs.google.com/document/d/1s9C4EMxIZ55kZr62CKEC9ip7He_Q4_g1KRfSk9hY-Sg/edit?pli=1