mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
0d6b6fa084
ldap add and modify operation performed on the userPassword attribute. Add helper functions to reduce code duplication. Do not enforce encrypted connections on ldap add/ldap mod for compatibility reasons. (We cannot enforce people not to send the password in the clear anyway, we can only refuse to accept it at the most which does not gain you much if someone then re-send you the same password previously exposed)
-
-
IPA uses Kerberos with an LDAP storage backend and some custom plugins to help manage users and passwords. A UI interface is provided to make user administration and self-service possible. A set of command-line utilities that should provide the same capabilities is in ipa-admintools. Firefox ------- The Gecko engine provides an interface for managing a user's configuration in Javascript. Naturally this is highly protected and the user gets an appropriately dire warning when you try to do this. It also requires signed javascript. During installation a signing certificate is created that creates and signs /usr/share/ipa/html/configure.jar which contains the javascript to update the browser configuration. User's are directed to go to /errors/preferencs.html to load this javascript and apply the changes.