Comment 2 for bug 1337768

mouadino (mouadino) wrote :

I figured that much after I submitted the bug report, but I forgot to add my finding: that there is a special API request for a user changing his own password https://github.com/openstack/keystone/blob/stable/icehouse/keystone/contrib/user_crud/core.py and that the action that I was referring to in the bug report is admin-only (at least from the point of view of the default policy rules).

My main confusion comes from the policy rule identity:change_password, which spans both actions but doesn't really work with the admin action, which I think is confusing!

As far as I can tell, in V3 things are better, with the action POST /users/{user_id}/password to change one's own password (because it requires knowing the original password, and that's what the default policy.v3.json authorizes: "identity:change_password": "rule:owner"), and as admin changing a user password by sending the update user action, i.e. PATCH /users/{user_id}, right?

Thanks,