diff --git a/.gitignore b/.gitignore
index 7e958f53a..7cdb26611 100644
--- a/.gitignore
+++ b/.gitignore
@@ -45,3 +45,4 @@
 */*.project
 
 
+.vscode/*
diff --git a/server/src/main/java/password/pwm/http/servlet/PwmServletDefinition.java b/server/src/main/java/password/pwm/http/servlet/PwmServletDefinition.java
index 14eb63350..77f599d62 100644
--- a/server/src/main/java/password/pwm/http/servlet/PwmServletDefinition.java
+++ b/server/src/main/java/password/pwm/http/servlet/PwmServletDefinition.java
@@ -76,9 +76,9 @@ public enum PwmServletDefinition
     Resource( password.pwm.http.servlet.resource.ResourceFileServlet.class, null ),
 
     AccountInformation( AccountInformationServlet.class, null ),
-    PrivateChangePassword( PrivateChangePasswordServlet.class, ChangePasswordBean.class, Flag.RequiresUserPasswordAndBind ),
+    PrivateChangePassword( PrivateChangePasswordServlet.class, ChangePasswordBean.class ),
     SetupResponses( password.pwm.http.servlet.SetupResponsesServlet.class, SetupResponsesBean.class, Flag.RequiresUserPasswordAndBind ),
-    UpdateProfile( UpdateProfileServlet.class, UpdateProfileBean.class, Flag.RequiresUserPasswordAndBind ),
+    UpdateProfile( UpdateProfileServlet.class, UpdateProfileBean.class ),
     SetupOtp( password.pwm.http.servlet.SetupOtpServlet.class, SetupOtpBean.class, Flag.RequiresUserPasswordAndBind ),
     Helpdesk( password.pwm.http.servlet.helpdesk.HelpdeskServlet.class, null ),
     Shortcuts( password.pwm.http.servlet.ShortcutServlet.class, ShortcutsBean.class ),
diff --git a/server/src/main/java/password/pwm/http/servlet/changepw/ChangePasswordServlet.java b/server/src/main/java/password/pwm/http/servlet/changepw/ChangePasswordServlet.java
index cdd8f73a2..81ab82cde 100644
--- a/server/src/main/java/password/pwm/http/servlet/changepw/ChangePasswordServlet.java
+++ b/server/src/main/java/password/pwm/http/servlet/changepw/ChangePasswordServlet.java
@@ -557,11 +557,6 @@ public ProcessStatus preProcessCheck( final PwmRequest pwmRequest )
 
         getProfile( pwmRequest );
 
-        if ( pwmSession.getLoginInfoBean().getType() == AuthenticationType.AUTH_WITHOUT_PASSWORD )
-        {
-            throw new PwmUnrecoverableException( PwmError.ERROR_PASSWORD_REQUIRED );
-        }
-
         if ( !pwmRequest.isAuthenticated() )
         {
             pwmRequest.respondWithError( PwmError.ERROR_AUTHENTICATION_REQUIRED.toInfo() );
diff --git a/server/src/main/java/password/pwm/ldap/auth/LDAPAuthenticationRequest.java b/server/src/main/java/password/pwm/ldap/auth/LDAPAuthenticationRequest.java
index 01e38c6cf..ea199bf83 100644
--- a/server/src/main/java/password/pwm/ldap/auth/LDAPAuthenticationRequest.java
+++ b/server/src/main/java/password/pwm/ldap/auth/LDAPAuthenticationRequest.java
@@ -199,8 +199,21 @@ private AuthenticationResult authenticateUserWithoutPassword() throws PwmUnrecov
 
         preAuthenticationChecks();
 
+        final boolean alwaysUseProxyIsEnabled = pwmDomain.getConfig().readSettingAsBoolean( PwmSetting.AD_USE_PROXY_FOR_FORGOTTEN );
+        ChaiProvider returnProvider;
+        
+        try 
+        {
+            returnProvider = alwaysUseProxyIsEnabled ? makeProxyProvider() : null;
+        }
+        catch ( final ChaiUnavailableException ex )
+        {   
+            log( PwmLogLevel.WARN, () -> "Unable to obtain chai provider for proxy user" );
+            returnProvider = null;
+        }
+        
         final AuthenticationResult authenticationResult = new AuthenticationResult(
-                null,
+                returnProvider,
                 AuthenticationType.AUTH_WITHOUT_PASSWORD,
                 null
         );