9:31 a.m.
Hi,
I am doing a POC of RHEV 3.2 VDI for a customer. Their users are located in an IPA server,
and
RHEV and IPA has been connected using rhevm-manage-domains.
During the POC we discovered that users which have expired password cannot log on. They
receive an
Incorrect password error message.
1. They should at least receive a Your password has expired error instead of the
Incorrect
password error message as this is confusing for the user.
2. This creates a problem, as every time a password is reset in IPA, it's
automatically set to be
expired so the user will change password at next logon.
Is there a way around this?
I would like to see the user being able to log on the User Portal with the expired
password, and
then he will be asked to change his password as usual once he's logging into his Linux
VDI
machine.
Regards,
Siggi
5:22 p.m.
On 10/15/2013 10:31 AM, Sigbjorn Lie wrote:
Hi,
I am doing a POC of RHEV 3.2 VDI for a customer. Their users are located in an IPA
server, and
RHEV and IPA has been connected using rhevm-manage-domains.
During the POC we discovered that users which have expired password cannot log on. They
receive an
Incorrect password error message.
1. They should at least receive a Your password has expired error instead of the
Incorrect
password error message as this is confusing for the user.
3.3 has the motd to provide some info/url to IPA password changing.
2. This creates a problem, as every time a password is reset in IPA, it's
automatically set to be
expired so the user will change password at next logon.
Is there a way around this?
use the IPA web form to change the password by the user.
I would like to see the user being able to log on the User Portal with the expired
password, and
then he will be asked to change his password as usual once he's logging into his
Linux VDI
machine.
for ovirt, open a BZ for an RFE to show expired password and link to web
page for changing it.
for rhev, open a support ticket to get proper tracking, etc.
Thanks,
Itamar
Regards,
Siggi
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
4:19 p.m.
This is a multi-part message in MIME format.
--------------090505040605020907090408
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
On 16/10/13 00:22, Itamar Heim wrote:
On 10/15/2013 10:31 AM, Sigbjorn Lie wrote:
> Hi,
>
> I am doing a POC of RHEV 3.2 VDI for a customer. Their users are
> located in an IPA server, and
> RHEV and IPA has been connected using rhevm-manage-domains.
>
> During the POC we discovered that users which have expired password
> cannot log on. They receive an
> Incorrect password error message.
>
> 1. They should at least receive a Your password has expired error
> instead of the Incorrect
> password error message as this is confusing for the user.
3.3 has the motd to provide some info/url to IPA password changing.
I've installed 3.3 as a test and I can see that it's now correctly
advising the user that his password has expired. But it does not provide
the user with an option to change his/her password.
>
> 2. This creates a problem, as every time a password is reset in IPA,
> it's automatically set to be
> expired so the user will change password at next logon.
>
> Is there a way around this?
use the IPA web form to change the password by the user.
This is a manual process for the user to be aware of and will generate
calls to the helpdesk. I believe it would create a much better user
experience to allow the password to the changed as a part of the login
procedure.
Or adding an option to work the same way as our current Secure Global
Desktop solution allows us to do; Logging in the user with the expired
password, and then the password is being changed as a part of the login
procedure to the Linux Desktop.
And this is a scenario that will be coming up often, as that every time
a new user is added or a password is reset for an existing user in Red
Hat IdM, the password is set to be expired so that the user is forced to
change it on next logon, and no option is provided in Red Hat IdM to
work around this.
In our environment the users who will use the Linux VDI solution through
the User Portal will be using a Windows desktop and this will be their
only link into the Linux environment where they're required to log on
using a username and password from Red Hat IdM.
>
> I would like to see the user being able to log on the User Portal
> with the expired password, and
> then he will be asked to change his password as usual once he's
> logging into his Linux VDI
> machine.
for ovirt, open a BZ for an RFE to show expired password and link to
web page for changing it.
for rhev, open a support ticket to get proper tracking, etc.
https://bugzilla.redhat.com/show_bug.cgi?id=1037844
A ticket has been opened for RHEV referencing the BZ above.
Thanks.
Thanks,
Itamar
>
>
>
> Regards,
> Siggi
>
>
>
>
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
--------------090505040605020907090408
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 16/10/13 00:22, Itamar Heim
wrote:<br>
</div>
<blockquote cite="mid:525DC018.8000807@redhat.com"
type="cite">On
10/15/2013 10:31 AM, Sigbjorn Lie wrote:
<br>
<blockquote type="cite">Hi,
<br>
<br>
I am doing a POC of RHEV 3.2 VDI for a customer. Their users are
located in an IPA server, and
<br>
RHEV and IPA has been connected using rhevm-manage-domains.
<br>
<br>
During the POC we discovered that users which have expired
password cannot log on. They receive an
<br>
Incorrect password error message.
<br>
<br>
1. They should at least receive a Your password has expired
error instead of the Incorrect
<br>
password error message as this is confusing for the user.
<br>
</blockquote>
<br>
3.3 has the motd to provide some info/url to IPA password
changing.
<br>
<br>
</blockquote>
I've installed 3.3 as a test and I can see that it's now correctly
advising the user that his password has expired. But it does not
provide the user with an option to change his/her password.<br>
<br>
<blockquote cite="mid:525DC018.8000807@redhat.com"
type="cite">
<blockquote type="cite">
<br>
2. This creates a problem, as every time a password is reset in
IPA, it's automatically set to be
<br>
expired so the user will change password at next logon.
<br>
<br>
Is there a way around this?
<br>
</blockquote>
<br>
use the IPA web form to change the password by the user.
<br>
<br>
</blockquote>
This is a manual process for the user to be aware of and will
generate calls to the helpdesk. I believe it would create a much
better user experience to allow the password to the changed as a
part of the login procedure.<br>
<br>
Or adding an option to work the same way as our current Secure
Global Desktop solution allows us to do; Logging in the user with
the expired password, and then the password is being changed as a
part of the login procedure to the Linux Desktop.<br>
<br>
And this is a scenario that will be coming up often, as that every
time a new user is added or a password is reset for an existing user
in Red Hat IdM, the password is set to be expired so that the user
is forced to change it on next logon, and no option is provided in
Red Hat IdM to work around this.<br>
<br>
In our environment the users who will use the Linux VDI solution
through the User Portal will be using a Windows desktop and this
will be their only link into the Linux environment where they're
required to log on using a username and password from Red Hat IdM.<br>
<br>
<blockquote cite="mid:525DC018.8000807@redhat.com"
type="cite">
<blockquote type="cite">
<br>
I would like to see the user being able to log on the User
Portal with the expired password, and
<br>
then he will be asked to change his password as usual once he's
logging into his Linux VDI
<br>
machine.
<br>
</blockquote>
<br>
for ovirt, open a BZ for an RFE to show expired password and link
to web page for changing it.
<br>
for rhev, open a support ticket to get proper tracking, etc.
<br>
<br>
</blockquote>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<a
href="https://bugzilla.redhat.com/show_bug.cgi?id=1037844">h...
<br>
A ticket has been opened for RHEV referencing the BZ above.<br>
<br>
Thanks.<br>
<br>
<br>
<blockquote cite="mid:525DC018.8000807@redhat.com"
type="cite">Thanks,
<br>
Itamar
<br>
<br>
<blockquote type="cite">
<br>
<br>
<br>
Regards,
<br>
Siggi
<br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________
<br>
Users mailing list
<br>
<a class="moz-txt-link-abbreviated"
href="mailto:Users@ovirt.org">Users@ovirt.org</a>
<br>
<a class="moz-txt-link-freetext"
href="http://lists.ovirt.org/mailman/listinfo/users">http://...
<br>
<br>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>
--------------090505040605020907090408--
11:47 p.m.
On 12/04/2013 12:19 AM, Sigbjorn Lie wrote:
On 16/10/13 00:22, Itamar Heim wrote:
> On 10/15/2013 10:31 AM, Sigbjorn Lie wrote:
>> Hi,
>>
>> I am doing a POC of RHEV 3.2 VDI for a customer. Their users are
>> located in an IPA server, and
>> RHEV and IPA has been connected using rhevm-manage-domains.
>>
>> During the POC we discovered that users which have expired password
>> cannot log on. They receive an
>> Incorrect password error message.
>>
>> 1. They should at least receive a Your password has expired error
>> instead of the Incorrect
>> password error message as this is confusing for the user.
>
> 3.3 has the motd to provide some info/url to IPA password changing.
>
I've installed 3.3 as a test and I can see that it's now correctly
advising the user that his password has expired. But it does not provide
the user with an option to change his/her password.
>>
>> 2. This creates a problem, as every time a password is reset in IPA,
>> it's automatically set to be
>> expired so the user will change password at next logon.
>>
>> Is there a way around this?
>
> use the IPA web form to change the password by the user.
>
This is a manual process for the user to be aware of and will generate
calls to the helpdesk. I believe it would create a much better user
experience to allow the password to the changed as a part of the login
procedure.
Or adding an option to work the same way as our current Secure Global
Desktop solution allows us to do; Logging in the user with the expired
password, and then the password is being changed as a part of the login
procedure to the Linux Desktop.
And this is a scenario that will be coming up often, as that every time
a new user is added or a password is reset for an existing user in Red
Hat IdM, the password is set to be expired so that the user is forced to
change it on next logon, and no option is provided in Red Hat IdM to
work around this.
In our environment the users who will use the Linux VDI solution through
the User Portal will be using a Windows desktop and this will be their
only link into the Linux environment where they're required to log on
using a username and password from Red Hat IdM.
the problem is each authentication provider has a different method to
change password (no standard for this).
as a first step, we added in 3.3 the motd option (message of the day),
you can use that to put a text specifying in case of password expirtaion
to use the IPA web url.
we'll another tweak to manage domains, to allow specyfing the password
expirtation web form change url per domain, and show it for password
expirtaion.
then we can look about actually supporting this for specific providers.
>>
>> I would like to see the user being able to log on the User Portal
>> with the expired password, and
>> then he will be asked to change his password as usual once he's
>> logging into his Linux VDI
>> machine.
>
> for ovirt, open a BZ for an RFE to show expired password and link to
> web page for changing it.
> for rhev, open a support ticket to get proper tracking, etc.
>
https://bugzilla.redhat.com/show_bug.cgi?id=1037844
A ticket has been opened for RHEV referencing the BZ above.
Thanks.
> Thanks,
> Itamar
>
>>
>>
>>
>> Regards,
>> Siggi
>>
>>
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users(a)ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>
12:33 p.m.
On 04/12/13 06:47, Itamar Heim wrote:
On 12/04/2013 12:19 AM, Sigbjorn Lie wrote:
> On 16/10/13 00:22, Itamar Heim wrote:
>> On 10/15/2013 10:31 AM, Sigbjorn Lie wrote:
>>> Hi,
>>>
>>> I am doing a POC of RHEV 3.2 VDI for a customer. Their users are
>>> located in an IPA server, and
>>> RHEV and IPA has been connected using rhevm-manage-domains.
>>>
>>> During the POC we discovered that users which have expired password
>>> cannot log on. They receive an
>>> Incorrect password error message.
>>>
>>> 1. They should at least receive a Your password has expired error
>>> instead of the Incorrect
>>> password error message as this is confusing for the user.
>>
>> 3.3 has the motd to provide some info/url to IPA password changing.
>>
> I've installed 3.3 as a test and I can see that it's now correctly
> advising the user that his password has expired. But it does not provide
> the user with an option to change his/her password.
>
>>>
>>> 2. This creates a problem, as every time a password is reset in IPA,
>>> it's automatically set to be
>>> expired so the user will change password at next logon.
>>>
>>> Is there a way around this?
>>
>> use the IPA web form to change the password by the user.
>>
> This is a manual process for the user to be aware of and will generate
> calls to the helpdesk. I believe it would create a much better user
> experience to allow the password to the changed as a part of the login
> procedure.
>
> Or adding an option to work the same way as our current Secure Global
> Desktop solution allows us to do; Logging in the user with the expired
> password, and then the password is being changed as a part of the login
> procedure to the Linux Desktop.
>
> And this is a scenario that will be coming up often, as that every time
> a new user is added or a password is reset for an existing user in Red
> Hat IdM, the password is set to be expired so that the user is forced to
> change it on next logon, and no option is provided in Red Hat IdM to
> work around this.
>
> In our environment the users who will use the Linux VDI solution through
> the User Portal will be using a Windows desktop and this will be their
> only link into the Linux environment where they're required to log on
> using a username and password from Red Hat IdM.
the problem is each authentication provider has a different method to
change password (no standard for this).
as a first step, we added in 3.3 the motd option (message of the day),
you can use that to put a text specifying in case of password
expirtaion to use the IPA web url.
we'll another tweak to manage domains, to allow specyfing the password
expirtation web form change url per domain, and show it for password
expirtaion.
then we can look about actually supporting this for specific providers.
I've got a RHEV 3.3 test environment up running, and I'm trying the motd
option you recommended. I can set the UserMessageOfTheDay using
rhevm-config sucessfully, and I see the message displayed on the User
Portal web page.
However any attempt on adding an URL (to the IPA server) with a <a
href..> tag or without any html tag, displays the URL and not a link the
user can click on as expected. Neither can I copy and paste from the MOTD.
Is there any way to produce a clickable link in the motd? Or at least
allow cut and paste from the motd?
Regards,
Siggi
1:17 p.m.
On 01/26/2014 08:33 PM, Sigbjorn Lie wrote:
On 04/12/13 06:47, Itamar Heim wrote:
> On 12/04/2013 12:19 AM, Sigbjorn Lie wrote:
>> On 16/10/13 00:22, Itamar Heim wrote:
>>> On 10/15/2013 10:31 AM, Sigbjorn Lie wrote:
>>>> Hi,
>>>>
>>>> I am doing a POC of RHEV 3.2 VDI for a customer. Their users are
>>>> located in an IPA server, and
>>>> RHEV and IPA has been connected using rhevm-manage-domains.
>>>>
>>>> During the POC we discovered that users which have expired password
>>>> cannot log on. They receive an
>>>> Incorrect password error message.
>>>>
>>>> 1. They should at least receive a Your password has expired error
>>>> instead of the Incorrect
>>>> password error message as this is confusing for the user.
>>>
>>> 3.3 has the motd to provide some info/url to IPA password changing.
>>>
>> I've installed 3.3 as a test and I can see that it's now correctly
>> advising the user that his password has expired. But it does not provide
>> the user with an option to change his/her password.
>>
>>>>
>>>> 2. This creates a problem, as every time a password is reset in IPA,
>>>> it's automatically set to be
>>>> expired so the user will change password at next logon.
>>>>
>>>> Is there a way around this?
>>>
>>> use the IPA web form to change the password by the user.
>>>
>> This is a manual process for the user to be aware of and will generate
>> calls to the helpdesk. I believe it would create a much better user
>> experience to allow the password to the changed as a part of the login
>> procedure.
>>
>> Or adding an option to work the same way as our current Secure Global
>> Desktop solution allows us to do; Logging in the user with the expired
>> password, and then the password is being changed as a part of the login
>> procedure to the Linux Desktop.
>>
>> And this is a scenario that will be coming up often, as that every time
>> a new user is added or a password is reset for an existing user in Red
>> Hat IdM, the password is set to be expired so that the user is forced to
>> change it on next logon, and no option is provided in Red Hat IdM to
>> work around this.
>>
>> In our environment the users who will use the Linux VDI solution through
>> the User Portal will be using a Windows desktop and this will be their
>> only link into the Linux environment where they're required to log on
>> using a username and password from Red Hat IdM.
>
> the problem is each authentication provider has a different method to
> change password (no standard for this).
> as a first step, we added in 3.3 the motd option (message of the day),
> you can use that to put a text specifying in case of password
> expirtaion to use the IPA web url.
>
> we'll another tweak to manage domains, to allow specyfing the password
> expirtation web form change url per domain, and show it for password
> expirtaion.
>
> then we can look about actually supporting this for specific providers.
>
I've got a RHEV 3.3 test environment up running, and I'm trying the motd
option you recommended. I can set the UserMessageOfTheDay using
rhevm-config sucessfully, and I see the message displayed on the User
Portal web page.
However any attempt on adding an URL (to the IPA server) with a <a
href..> tag or without any html tag, displays the URL and not a link the
user can click on as expected. Neither can I copy and paste from the MOTD.
Is there any way to produce a clickable link in the motd? Or at least
allow cut and paste from the motd?
Regards,
Siggi
this was recently fixed via http://gerrit.ovirt.org/#/c/23373/ and
backported to 3.4 via http://gerrit.ovirt.org/#/c/23622/
barak/yair - please review if this is stable-3.3 branch material (for
the older global motd config of course).
Thanks,
Itamar
6:41 p.m.
On 26/01/14 20:17, Itamar Heim wrote:
On 01/26/2014 08:33 PM, Sigbjorn Lie wrote:
> On 04/12/13 06:47, Itamar Heim wrote:
>> On 12/04/2013 12:19 AM, Sigbjorn Lie wrote:
>>> On 16/10/13 00:22, Itamar Heim wrote:
>>>> On 10/15/2013 10:31 AM, Sigbjorn Lie wrote:
>>>>> Hi,
>>>>>
>>>>> I am doing a POC of RHEV 3.2 VDI for a customer. Their users are
>>>>> located in an IPA server, and
>>>>> RHEV and IPA has been connected using rhevm-manage-domains.
>>>>>
>>>>> During the POC we discovered that users which have expired password
>>>>> cannot log on. They receive an
>>>>> Incorrect password error message.
>>>>>
>>>>> 1. They should at least receive a Your password has expired error
>>>>> instead of the Incorrect
>>>>> password error message as this is confusing for the user.
>>>>
>>>> 3.3 has the motd to provide some info/url to IPA password changing.
>>>>
>>> I've installed 3.3 as a test and I can see that it's now correctly
>>> advising the user that his password has expired. But it does not
>>> provide
>>> the user with an option to change his/her password.
>>>
>>>>>
>>>>> 2. This creates a problem, as every time a password is reset in IPA,
>>>>> it's automatically set to be
>>>>> expired so the user will change password at next logon.
>>>>>
>>>>> Is there a way around this?
>>>>
>>>> use the IPA web form to change the password by the user.
>>>>
>>> This is a manual process for the user to be aware of and will generate
>>> calls to the helpdesk. I believe it would create a much better user
>>> experience to allow the password to the changed as a part of the login
>>> procedure.
>>>
>>> Or adding an option to work the same way as our current Secure Global
>>> Desktop solution allows us to do; Logging in the user with the expired
>>> password, and then the password is being changed as a part of the
>>> login
>>> procedure to the Linux Desktop.
>>>
>>> And this is a scenario that will be coming up often, as that every
>>> time
>>> a new user is added or a password is reset for an existing user in Red
>>> Hat IdM, the password is set to be expired so that the user is
>>> forced to
>>> change it on next logon, and no option is provided in Red Hat IdM to
>>> work around this.
>>>
>>> In our environment the users who will use the Linux VDI solution
>>> through
>>> the User Portal will be using a Windows desktop and this will be their
>>> only link into the Linux environment where they're required to log on
>>> using a username and password from Red Hat IdM.
>>
>> the problem is each authentication provider has a different method to
>> change password (no standard for this).
>> as a first step, we added in 3.3 the motd option (message of the day),
>> you can use that to put a text specifying in case of password
>> expirtaion to use the IPA web url.
>>
>> we'll another tweak to manage domains, to allow specyfing the password
>> expirtation web form change url per domain, and show it for password
>> expirtaion.
>>
>> then we can look about actually supporting this for specific providers.
>>
> I've got a RHEV 3.3 test environment up running, and I'm trying the motd
> option you recommended. I can set the UserMessageOfTheDay using
> rhevm-config sucessfully, and I see the message displayed on the User
> Portal web page.
>
> However any attempt on adding an URL (to the IPA server) with a <a
> href..> tag or without any html tag, displays the URL and not a link the
> user can click on as expected. Neither can I copy and paste from the
> MOTD.
>
> Is there any way to produce a clickable link in the motd? Or at least
> allow cut and paste from the motd?
>
>
> Regards,
> Siggi
>
this was recently fixed via http://gerrit.ovirt.org/#/c/23373/ and
backported to 3.4 via http://gerrit.ovirt.org/#/c/23622/
barak/yair - please review if this is stable-3.3 branch material (for
the older global motd config of course).
Any update on this?
Regards,
Siggi
3949
days inactive
4058
days old
6 comments
2 participants
participants (2)
-
Itamar Heim -
Sigbjorn Lie