Workaround to disable changing pwd when using generic oauth

Grafana Configuration
1

I knew in Grafana 4.2, user can’t change pwd if LDAP or authProxy is enabled in profile page,

 		You cannot change password when ldap or auth proxy authentication is enabled.
 </div>```


but my case is using **generic_oauth**, I also wanna forbidden users from changing their pwd, is it okay for me to enable authProxy with empty settings like below as a workaround. any potential issues may occur?
#################################### Auth Proxy ##########################
[auth.proxy]
**enabled = true**
;header_name = X-WEBAUTH-USER
;header_property = username
;auto_sign_up = true
;ldap_sync_ttl = 60
;whitelist = 192.168.1.1, 192.168.2.1


FYI.

https://github.com/grafana/grafana/blob/v4.2.x/public/app/features/org/partials/change_password.html
2

That was a creative solution :grinning:

I don’t see any downsides as long as authentication works. If you can log in with a user and everything works then it is fine. There are only a few points in the code base where the auth proxy setting is used.

3

Is this still an acceptable work around for more contemporary versions of grafana? Displaying a redundant change password screen when using an OAuth integration is pretty confusing for users.

2 Likes
4

yes, this is still acceptable as of July 21.