Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Story
Resolution: Unresolved
Priority: Undefined
Fix Version/s: rhel-10.2
Affects Version/s: None
Component/s: ipa
Labels:
- upstream-in-progress

Severity:
None
Epic Link:
IDM-1850
sprint_count:
1

AssignedTeam:
rhel-idm-ipa

Story Points:
None
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
IPA: RHELs for 10.2 and 9.8

Preliminary Testing:
None
Test Coverage:
None

ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Goal

As an IdM administrator, I want to configure external password reset agents (e.g., CyberArk) to use the ipa_pwd_extop mechanism, so that privileged password resets can be performed securely without forcing users to change their password at next login

Acceptance criteria

Verify that an external agent can authenticate with a privileged DN.
Verify that the agent can reset a user’s password using ipa_pwd_extop.
Verify that the user is not forced to reset their password upon next login.
Verify that audit/logging records the reset action.
Verify that documentation clearly explains setup and security best practices.

Assignee:: Florence Renaud

Reporter:: Francisco Trivino Garcia

Developer:: Florence Renaud

QA Contact:: Anuja More

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2025/08/20 10:51 AM

Updated:: 2025/10/15 6:36 AM

Stale Date:: 2026/08/19

Details

Description

Goal

Acceptance criteria

Attachments

Easy Agile Planning Poker

Activity

People

Dates

Hide