Change password permission assignable to authentification method

1 Requirements

Enabling the possibility to change your own passwords results in a possible security risk and does not make sense for all authentification methods, e.g. LDAP, Shibboleth, ... Right now, if enabled, it is possible for users to set a "second", local password, with which they can log in independetly of the LDAP account status.
 
Thus, an admin should be able to choose the authentification methods for which the "Password" tab should made available.
 
This could be implemented, for example, with a multivalue dropdown list menu in the "Fields" tab of the user account administration in which the auth methods are listed.

2 Status

• Scheduled for: Not scheduled yet
• Funding: Partly funded by Universität Freiburg
• Development: Feature is to be developed by

3 Additional Information

• If you want to know more about this feature, its implementation or funding, please contact: Marko Glaubitz / Uni Freiburg / marko.glaubitz@rz.uni-freiburg.de - We would like to participate in funding this feature! Please get in touch with us, if you want to join us in this project.

4 Discussion

Jour Fixe, 24 Jun 2013: Changing the password should only be possible for the account authenticated against the ILIAS database. Changing the password for external authentication should and is not supported. Stefan Meyer will contact you to clarify this issue.

5 Implementation

...