Tagged: 

This topic contains 1 reply, has 2 voices, and was last updated by  Ludo 5 months ago.

  • Author
    Posts
  • #22480
     garcimo 
    Participant

    Hello
    i want to achieve two things in a directory server used for authenticate linux clients..

    1. how to allow sssd to read data without having username/password in clear in sssd.conf I can use obfuscated passwords but I would prefer no passwords and accept the anonymous from a network range.. I don’t know what is safer.

    2. how to allow users to change their own password an only theirs and not the password of anyone else using passwd command..

    I read this but it is not clear if the privileges in the example would allow to modify any password..

    https://backstage.forgerock.com/docs/ds/6/admin-guide/index.html#chap-privileges-acis

    thanks

    #22484
     Ludo 
    Moderator

    With regards to 2/ ACIs are only needed for a user to change his own password. Privileges are only required if you need an administrator to change someone else password (called password-reset).

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

©2018 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?