← Back to team overview

openstack team mailing list archive

Re: Change user password (not admin)

 

On 06/07/2012 01:24 AM, Sam Morrison wrote:
Hi,

There has been a first attempt at this in keystone.

See https://review.openstack.org/#/c/7437/
And bug: https://bugs.launchpad.net/keystone/+bug/996922

It needs more work to make it secure though.

Cheers,
Sam



On Thu, Jun 7, 2012 at 7:13 AM, Kiall Mac Innes<kiall@xxxxxxxxxxxx>  wrote:
On Wed, Jun 6, 2012 at 7:55 PM, Gabriel Hurley<Gabriel.Hurley@xxxxxxxxxx>
wrote:
Feel free to have at it with them again. ;-)

Feel free to add my +1 next time it comes up! Users being unable to change
their own passwords simply seems wrong to me!

Thanks,
Kiall


_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
V3 API is being drafted if you have any suggestion go to the google doc and/or the keystone meeting. However I don't think it's really needed users being able to change their own password. At BVOX (my company), we allow the user change passwords without problem, we just need a valid email:
* Form to get the email
* Check a user with that email exists (application admin k-token needed)
* Create a dr-token, send email with a link including the dr-token (django-registration based workflow)
* Form to get the new password (here the dr-token identifies the user)
* Update the password (application admin k-token needed)

dr-token = django-registration token
k-token = keystone token

https://docs.google.com/document/d/1s9C4EMxIZ55kZr62CKEC9ip7He_Q4_g1KRfSk9hY-Sg/edit?pli=1


References