BMCWeb changes login password
Joseph Reynolds
jrey at linux.ibm.com
Thu Sep 5 08:28:32 AEST 2019
On 9/4/19 9:57 AM, Alexander Tereschenko wrote:
> On 04-Sep-19 04:06, Joseph Reynolds wrote:
>> 2. The scenario where we may want to ask for the old password is the
>> "password change dialog". This dialog is accessed when the user
>> signs into the Web App login page and the web app informs the user
>> that their password is expired and must be changed before they can
>> access the BMC The dialog asks for their new password (twice) ...
>> and does it also ask for the old password? <== That's the question.
>
> FWIW, by the time the BMC is able to determine that user's password is
> expired (and make sure that's indeed that user who's accessing the web
> app), the user must have entered their password, so asking it once
> again sounds like surplus step in this particular scenario.
I agree. Industry standards are not clear about the best practices in
this situation.
- Joseph
>
> regards,
> Alexander
>
More information about the openbmc
mailing list