Task #2320
When user is changing password IdM sometimes does not check validity of old password
Status: New
Priority: Normal
Assignee: Ondrej Husník
Category: Password
Target version: -
Start date: 06/11/2020
Due date:
% Done: 0%
Estimated time:
Owner:
Description
When a user changes his own password, he is prompted for the old password.
Correctness of this old password is, AFAIK, checked only against the IdM database.
This does not make sense in cases where IdM is configured to authenticate users against an end system (i.e. AD / LDAP).
In that case, IdM may not even know the user's password or may have a stale password to compare to.
This effectively cancels the check of old password.
Shouldn't we start checking passwords against the same system as we authenticate the user against?
Probably will need some discussion.
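The gap described in this ticket, as an added example that is not part of the original ticket and not the IdM project's code: a minimal model in which the old password is verified against the backend the user logs in with instead of the local copy. `LocalStore`, `DirectoryStub` and `change_password` are hypothetical names, and the passwords are constructed sample values.

```python
import hashlib, hmac, os

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LocalStore:
    """Hypothetical stand-in for the IdM database; may hold no hash or a stale one."""
    def __init__(self):
        self._rec = {}
    def set_password(self, user, password):
        salt = os.urandom(16)
        self._rec[user] = (salt, _hash(password, salt))
    def verify(self, user, password):
        rec = self._rec.get(user)
        if rec is None:          # IdM does not know this user's password at all
            return False
        salt, digest = rec
        return hmac.compare_digest(digest, _hash(password, salt))

class DirectoryStub:
    """Hypothetical stand-in for the end system (AD / LDAP) that authenticates users."""
    def __init__(self, passwords):
        self._pw = dict(passwords)
    def set_password(self, user, password):
        self._pw[user] = password
    def verify(self, user, password):
        expected = self._pw.get(user)
        return expected is not None and hmac.compare_digest(
            expected.encode(), password.encode())

def change_password(user, old, new, login_backend, targets):
    """Check `old` against the backend used for login, then write `new` to all targets."""
    if not login_backend.verify(user, old):
        return False
    for target in targets:
        target.set_password(user, new)
    return True

def demo():
    idm = LocalStore()
    idm.set_password("alice", "Spring2019!")       # constructed: stale copy held by IdM
    ad = DirectoryStub({"alice": "Autumn2020!"})   # constructed: password changed in AD
    # Check against the IdM database only, as the ticket describes:
    local_accepts_stale = idm.verify("alice", "Spring2019!")
    local_rejects_current = not idm.verify("alice", "Autumn2020!")
    # Check against the system that actually authenticates the user:
    stale_rejected = not change_password("alice", "Spring2019!", "New#2021", ad, [ad, idm])
    current_accepted = change_password("alice", "Autumn2020!", "New#2021", ad, [ad, idm])
    return local_accepts_stale, local_rejects_current, stale_rejected, current_accepted
```
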