Skip to content

[7.x] Disallow Password Change when authenticated by Token (#49694)#53614

Merged
jkakavas merged 1 commit intoelastic:7.xfrom
jkakavas:backport/7.x/pr-49694
Mar 17, 2020
Merged

[7.x] Disallow Password Change when authenticated by Token (#49694)#53614
jkakavas merged 1 commit intoelastic:7.xfrom
jkakavas:backport/7.x/pr-49694

Conversation

@jkakavas
Copy link
Copy Markdown
Contributor

@jkakavas jkakavas commented Mar 16, 2020

Backports the following commits to 7.x:

@jkakavas
Disallow Password Change when authenticated by Token (elastic#49694)
e4bc958 
Password changes are only allowed when the user is currently
authenticated by a realm (that permits the password to be changed)
and not when authenticated by a bearer token or an API key.
@jkakavas jkakavas merged commit 23af171 into elastic:7.x Mar 17, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backport

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jkakavas