def _chpass(self, mock_spawn):
change_password_with_keytab(
'ggroup',
'strong_hunter2',
'/some/keytab',
'create/admin',
)
mock_spawn.assert_called_with(
'/usr/bin/kadmin -K /some/keytab -p create/admin cpw ggroup',
timeout=10,
)
mock_spawn.return_value.sendline.assert_has_calls(
[mock.call('strong_hunter2'), mock.call('strong_hunter2')],
)
def _chpass(self, mock_spawn):
change_password_with_keytab(
'ggroup',
'strong_hunter2',
'/some/keytab',
'create/admin',
)
mock_spawn.assert_called_with(
'/usr/bin/kadmin -K /some/keytab -p create/admin cpw ggroup',
timeout=10,
)
mock_spawn.return_value.sendline.assert_has_calls(
[mock.call('strong_hunter2'),
mock.call('strong_hunter2')], )
def change_password(request):
calnet_uid = request.session['calnet_uid']
accounts = get_authorized_accounts_for(calnet_uid)
backend_failures = {}
if request.method == 'POST':
form = ChpassForm(accounts, calnet_uid, request.POST)
if form.is_valid():
account = form.cleaned_data['ocf_account']
password = form.cleaned_data['new_password']
syslog.openlog(
str('webchpwd as %s (from %s) for %s' %
(calnet_uid, request.META['REMOTE_ADDR'], account)))
try:
manage.change_password_with_keytab(
account,
password,
settings.KRB_KEYTAB,
'chpass/{}'.format(socket.getfqdn()))
krb_change_success = True
syslog.syslog('Kerberos password change successful')
except Exception as e:
print(e)
krb_change_success = False
backend_failures['KRB'] = str(e)
syslog.syslog('Kerberos password change failed: %s' % e)
if krb_change_success:
# deleting this session variable will force
# the next change_password request to
# reauthenticate with CalNet
del request.session['calnet_uid']
return render_to_response('successfully_changed_password.html',
{
'user_account': account
})
else:
form = ChpassForm(accounts, calnet_uid)
return render_to_response('change_password.html', {
'form': form,
'calnet_uid': calnet_uid,
'backend_failures': backend_failures
}, context_instance=RequestContext(request))
def change_password(username, new_password, comment=None):
"""Change the password of a username.
Only passwords for a regular user can be changed (e.g. can't change a
/admin principal's password), and passwords are subject to validation.
Users are notified via email of the change.
:param comment: comment to include in notification email
"""
change_password_with_keytab(
username=username,
password=new_password,
keytab=credentials.kerberos_keytab,
principal=credentials.kerberos_principal,
comment=comment,
)
def change_password(username, new_password, comment=None):
"""Change the password of a username.
Only passwords for a regular user can be changed (e.g. can't change a
/admin principal's password), and passwords are subject to validation.
Users are notified via email of the change.
:param comment: comment to include in notification email
"""
change_password_with_keytab(
username=username,
password=new_password,
keytab=credentials.kerberos_keytab,
principal=credentials.kerberos_principal,
comment=comment,
)
def _chpass(self, mock_spawn):
change_password_with_keytab("ggroup", "strong_hunter2", "/some/keytab", "create/admin")
mock_spawn.assert_called_with("/usr/bin/kadmin -K /some/keytab -p create/admin cpw ggroup", timeout=10)
mock_spawn.return_value.sendline.assert_has_calls([mock.call("strong_hunter2"), mock.call("strong_hunter2")])
