Feature #4411
public auth users are able to modify their passwords from Sunstone
| Status: | Closed | Start date: | 04/14/2016 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Ruben S. Montero | % Done: | 100% | |
| Category: | Core & System | |||
| Target version: | Release 5.0.2 | |||
| Resolution: | fixed | Pull request: |
Description
Hi
We have detected that users with "public" authentication mechanism are able to change their passwords from Sunstone. The password for "public" auth is like "x509" auth pass, is not a "real" pass is used to match the user name within OpenNebula database and give him/her access to the cloud infrastructure. The behaviour should be the same that for x509 auth, the password should not be changed by the user from Sunstone view, x509 auth uses the certificate DN for example and "public" auth uses "USER@REALM" as password.
The user will not able to connect again if he/she changes the pass by mistake from Sunstone view. The workaround is to disable the user configuration settings from cloud.yaml but this should be handled by opennebula auth mechanism.
Cheers
Alvaro
Associated revisions
Feature #4411: Disable password change for some auth drivers
feature #4411: Change AUTH_DRIVER_CONF to AUTH_MAD_CONF. Added defaults
for AUTH_MAD_CONF
Feature #4411: Disable password change for some auth drivers
(cherry picked from commit e8f9de4bb26c7d861429cfecb11790b2ec4316d5)
feature #4411: Change AUTH_DRIVER_CONF to AUTH_MAD_CONF. Added defaults
for AUTH_MAD_CONF
(cherry picked from commit d482d967aa991fa1d7234f9b56853a9aaafe9ca1)
History
#1
Updated by Daniel Molina about 5 years ago
- Assignee deleted (
Daniel Molina)
#2
Updated by Ruben S. Montero about 5 years ago
- Tracker changed from Bug to Backlog
- Target version set to Release 5.0
So the proposal here is to disable one.user.set_passwd method for users when the auth driver is public???? This can happen at oned level, and only let the admin change the password of a user
Also we could make this a configuration option in oned.conf
#3
Updated by Alvaro Simon about 5 years ago
Hi Ruben
So the proposal here is to disable one.user.set_passwd method for users when the auth driver is public???? This can happen at oned level, and only let the admin change the password of a user
Also we could make this a configuration option in oned.conf
Yes, something like that, for x509 auth for example the users are not able to change their DNs included in the password field (they can click in the button and put any value but the password value is not changed), for "public" auth should be the same, we are using the user's realm value as password that should be constant and only changed by the admin user.
#4
Updated by Carlos Martín about 5 years ago
- Category changed from Cloud View to Core & System
- Target version changed from Release 5.0 to Release 5.2
#5
Updated by Ruben S. Montero about 5 years ago
- Target version changed from Release 5.2 to Release 5.0.2
#6
Updated by Carlos Martín almost 5 years ago
- % Done changed from 0 to 100
#7
Updated by Carlos Martín almost 5 years ago
- Tracker changed from Backlog to Feature
Updated by 
#9
Updated by Ruben S. Montero almost 5 years ago
- Status changed from Pending to Closed
- Resolution set to fixed