diff --git a/include/Nebula.h b/include/Nebula.h index 328e5689dd..e91915ea35 100644 --- a/include/Nebula.h +++ b/include/Nebula.h @@ -438,6 +438,16 @@ public: return get_conf_attribute("MARKET_MAD_CONF", mk_name, value); }; + /** + * Gets an Auth driver configuration attribute + */ + int get_auth_conf_attribute( + const string& driver_name, + const VectorAttribute* &value) const + { + return get_conf_attribute("AUTH_DRIVER_CONF", driver_name, value); + }; + /** * Gets an XML document with all of the configuration attributes * @return the XML diff --git a/include/RequestManagerUser.h b/include/RequestManagerUser.h index 02a416f376..043d35a228 100644 --- a/include/RequestManagerUser.h +++ b/include/RequestManagerUser.h @@ -50,6 +50,7 @@ protected: virtual int user_action(int user_id, xmlrpc_c::paramList const& _paramList, + RequestAttributes& att, string& error_str ) = 0; /* -------------------------------------------------------------------- */ @@ -74,6 +75,7 @@ public: int user_action(int user_id, xmlrpc_c::paramList const& _paramList, + RequestAttributes& att, string& err); }; @@ -96,6 +98,7 @@ public: int user_action(int user_id, xmlrpc_c::paramList const& _paramList, + RequestAttributes& att, string& err); }; @@ -117,6 +120,7 @@ public: int user_action(int user_id, xmlrpc_c::paramList const& _paramList, + RequestAttributes& att, string& err); }; diff --git a/share/etc/oned.conf b/share/etc/oned.conf index 8764aed004..10793c7e78 100644 --- a/share/etc/oned.conf +++ b/share/etc/oned.conf 
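Review bot: The doc comment on `get_auth_conf_attribute` in include/Nebula.h names neither the parameters nor the return contract, although the new caller in UserChangePassword depends on both. It dereferences `value` only when the call returns 0. I would extend the comment with `@param driver_name name of the auth driver, as returned by User::get_auth_driver()`, `@param value set to the matching AUTH_DRIVER_CONF vector on success` and `@return 0 on success, non-zero if no entry matches`. What `value` holds on failure is decided inside `get_conf_attribute`, which is outside this hunk, so confirm that before stating it in the comment.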
@@ -999,3 +999,48 @@ MARKET_MAD_CONF = [ REQUIRED_ATTRS = "ACCESS_KEY_ID,SECRET_ACCESS_KEY,REGION,BUCKET", APP_ACTIONS = "create, delete, monitor" ] + +#******************************************************************************* +# Authentication Driver Behavior Definition +#******************************************************************************* +# The configuration for each driver is defined in AUTH_DRIVER_CONF. These +# values must not be modified since they define the driver behavior. +# name : name of the auth driver +# password_change : allow the end users to change their own password. Oneadmin +# can still change other user's passwords +#******************************************************************************* + +AUTH_DRIVER_CONF = [ + NAME = "core", + PASSWORD_CHANGE = "YES" +] + +AUTH_DRIVER_CONF = [ + NAME = "public", + PASSWORD_CHANGE = "NO" +] + +AUTH_DRIVER_CONF = [ + NAME = "ssh", + PASSWORD_CHANGE = "YES" +] + +AUTH_DRIVER_CONF = [ + NAME = "x509", + PASSWORD_CHANGE = "NO" +] + +AUTH_DRIVER_CONF = [ + NAME = "ldap", + PASSWORD_CHANGE = "YES" +] + +AUTH_DRIVER_CONF = [ + NAME = "server_cipher", + PASSWORD_CHANGE = "NO" +] + +AUTH_DRIVER_CONF = [ + NAME = "server_x509", + PASSWORD_CHANGE = "NO" +] diff --git a/src/rm/RequestManagerUser.cc b/src/rm/RequestManagerUser.cc index 9244d31805..525a8a4392 100644 --- a/src/rm/RequestManagerUser.cc +++ b/src/rm/RequestManagerUser.cc @@ -40,7 +40,7 @@ void RequestManagerUser:: return; } - if ( user_action(id, paramList, att.resp_msg) < 0 ) + if ( user_action(id, paramList, att, att.resp_msg) < 0 ) { failure_response(ACTION, att); return; 
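Review bot: The AUTH_DRIVER_CONF comment block in oned.conf leaves out two behaviours that the code in UserChangePassword enforces, and an administrator reading only this file would not expect them. A driver with no entry is handled like `PASSWORD_CHANGE = "NO"`, because `allowed` starts as `false`. The exemption also covers any caller whose group is oneadmin, not only the oneadmin user, through the `att.gid != GroupPool::ONEADMIN_ID` test. I would add `# Drivers without an entry here are treated as PASSWORD_CHANGE = "NO"` and reword the last line to `# Users in the oneadmin group can still change other users' passwords`.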
@@ -54,12 +54,17 @@ void RequestManagerUser:: int UserChangePassword::user_action(int user_id, xmlrpc_c::paramList const& paramList, + RequestAttributes& att, string& error_str) { string new_pass = xmlrpc_c::value_string(paramList.getString(2)); User * user; + string driver; + bool allowed = false; + const VectorAttribute* auth_conf; + user = static_cast(pool->get(user_id,true)); if ( user == 0 ) @@ -67,6 +72,24 @@ int UserChangePassword::user_action(int user_id, return -1; } + driver = user->get_auth_driver(); + + if (Nebula::instance().get_auth_conf_attribute(driver, auth_conf) == 0) + { + auth_conf->vector_value("PASSWORD_CHANGE", allowed); + } + + if (!allowed && + att.uid != UserPool::ONEADMIN_ID && + att.gid != GroupPool::ONEADMIN_ID) + { + error_str = "Password for driver '"+user->get_auth_driver()+ + "' cannot be changed."; + + user->unlock(); + return -1; + } + int rc = user->set_password(new_pass, error_str); if ( rc == 0 ) @@ -84,6 +107,7 @@ int UserChangePassword::user_action(int user_id, int UserChangeAuth::user_action(int user_id, xmlrpc_c::paramList const& paramList, + RequestAttributes& att, string& error_str) { string new_auth = xmlrpc_c::value_string(paramList.getString(2)); @@ -131,6 +155,7 @@ int UserChangeAuth::user_action(int user_id, int UserSetQuota::user_action(int user_id, xmlrpc_c::paramList const& paramList, + RequestAttributes& att, string& error_str) {
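Review bot: In `UserChangePassword::user_action`, `auth_conf` is declared without an initializer and the result of `auth_conf->vector_value("PASSWORD_CHANGE", allowed)` is discarded, so the deny decision rests entirely on `allowed` keeping its `false` default. That fails closed, which is the right direction. The cost is that a driver with no AUTH_DRIVER_CONF entry gets the same "cannot be changed" error as an explicit `"NO"`, for example a custom driver or an oned.conf carried over from before this change, unless defaults are registered elsewhere. I would declare `const VectorAttribute* auth_conf = 0;` and set a distinct `error_str` when the lookup or the attribute read fails, so operators can tell a policy denial from a missing configuration entry. The message can also reuse the local, as in `error_str = "Password for driver '" + driver + "' cannot be changed.";`, rather than calling `user->get_auth_driver()` a second time.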
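Review bot: `UserChangeAuth::user_action` gains the `att` parameter, but the visible lines of this hunk add no PASSWORD_CHANGE check, and the body continues outside it. If this call can also set a password or move an account to a driver whose entry is `PASSWORD_CHANGE = "YES"`, the restriction is enforced on only one of the two paths. That is safe only as long as the method's required permission keeps ordinary users from calling it on their own account. I would document that dependency above the function, for example `// PASSWORD_CHANGE is not checked here: callers must hold ADMIN rights on the user (TODO confirm auth_op)`. Otherwise, apply the same driver lookup here.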