Password-update is redundant when we have password-set that can do the same.
Password-update asks for the Old password first, while password-set does not.
Current Workaround
> user password-update
Old password: ***
New password: ***
> user password-set admin
New password: ***
Set password for user 'admin'
Please login again with your updated password.
Proposed Solution
One of the following:
Make password-update useful by implementing different user roles (so that all users can change their own password).
Remove password-update and use password-set instead.
At the very least, make them both work similarly to each other. No need to check the old password in password-update if we used this password to connect with the current user.
Additional Information
Currently, any user can change the password for any user, which is a completely different problem.
Problem to Solve
Current Workaround
Proposed Solution
One of the following:
password-update
useful by implementing different user roles (so that all users can change their own password).password-update
and usepassword-set
instead.password-update
if we used this password to connect with the current user.Additional Information
Currently, any user can change the password for any user, which is a completely different problem.