Unprivileged Users Change password

Christopher_Lasater · September 8, 2011, 9:20pm

Hi,

           Not sure if this is a bug, but if I have an LDAP user imported, they have the option to change their password, while the Privileged Users do not.  This is kind of unusual because you can create a local account with one password and your ldap be different and you can log in with either.  The only bad side effect with this is that if the LDAP account is disabled then they can still access RT with the second password.

RT 4.0.2

PGP.sig (475 Bytes)

Kevin_Falcone · September 8, 2011, 9:30pm

              Not sure if this is a bug, but if I have an LDAP user imported, they have the
option to change their password, while the Privileged Users do not. This is kind of unusual
because you can create a local account with one password and your ldap be different and you
can log in with either. The only bad side effect with this is that if the LDAP account is
disabled then they can still access RT with the second password.

RT 4.0.2

This is actually a property of RT-Authen-ExternalAuth, not RT.
It could hide that field for Unprivileged users, but you may want to
just remove the ModifySelf right from Unprivileged and only grant it
to Privileged.

-kevin

Christopher_Lasater · September 9, 2011, 2:09pm

Hey Kevin,
Is Modify Self supposed to grant the Unprivileged user the ability to change their information? All I have is the password for them-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Thursday, September 08, 2011 5:30 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Unprivileged Users Change password

On Thu, Sep 08, 2011 at 05:20:51PM -0400, Christopher Lasater wrote:

              Not sure if this is a bug, but if I have an LDAP user imported, they have the
option to change their password, while the Privileged Users do not. This is kind of unusual
because you can create a local account with one password and your ldap be different and you
can log in with either. The only bad side effect with this is that if the LDAP account is
disabled then they can still access RT with the second password.

RT 4.0.2

This is actually a property of RT-Authen-ExternalAuth, not RT.
It could hide that field for Unprivileged users, but you may want to just remove the ModifySelf right from Unprivileged and only grant it to Privileged.

-kevin

PGP.sig (475 Bytes)

Kevin_Falcone · September 9, 2011, 3:13pm

Is Modify Self supposed to grant the Unprivileged user the ability to change their information? All I have is the password for them

The only thing an Unprivileged user can change is their password.
Giving them ModifySelf when you have an external password store isn’t
really useful.

-kevin

Christopher_Lasater · September 9, 2011, 5:47pm

Ok, thanks.-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Friday, September 09, 2011 11:14 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Unprivileged Users Change password

On Fri, Sep 09, 2011 at 10:09:22AM -0400, Christopher Lasater wrote:

Is Modify Self supposed to grant the Unprivileged user the ability to
change their information? All I have is the password for them

The only thing an Unprivileged user can change is their password.
Giving them ModifySelf when you have an external password store isn’t really useful.

-kevin

PGP.sig (475 Bytes)