Open Stack

On 06/07/2012 01:24 AM, Sam Morrison wrote:
> Hi,
>
> There has been a first attempt at this in keystone.
>
> See https://review.openstack.org/#/c/7437/
> And bug: https://bugs.launchpad.net/keystone/+bug/996922
>
> It needs more work to make it secure though.
>
> Cheers,
> Sam
>
>
>
> On Thu, Jun 7, 2012 at 7:13 AM, Kiall Mac Innes<kiall at managedit.ie>  wrote:
>> On Wed, Jun 6, 2012 at 7:55 PM, Gabriel Hurley<Gabriel.Hurley at nebula.com>
>> wrote:
>>> Feel free to have at it with them again. ;-)
>>
>> Feel free to add my +1 next time it comes up! Users being unable to change
>> their own passwords simply seems wrong to me!
>>
>> Thanks,
>> Kiall
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack at lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
V3 API is being drafted if you have any suggestion go to the google doc 
and/or the keystone meeting. However I don't think it's really needed 
users being able to change their own password. At BVOX (my company), we 
allow the user change passwords without problem, we just need a valid email:
* Form to get the email
* Check a user with that email exists (application admin k-token needed)
* Create a dr-token, send email with a link including the dr-token 
(django-registration based workflow)
* Form to get the new password (here the dr-token identifies the user)
* Update the password (application admin k-token needed)

dr-token = django-registration token
k-token = keystone token

https://docs.google.com/document/d/1s9C4EMxIZ55kZr62CKEC9ip7He_Q4_g1KRfSk9hY-Sg/edit?pli=1