diff --git a/account/cbase_members.py b/account/cbase_members.py
index 5845382..47dcbfa 100644
--- a/account/cbase_members.py
+++ b/account/cbase_members.py
@@ -60,10 +60,8 @@ class MemberValues(object):
         Save the values back to the LDAP server.
         """
         dn = "uid=%s,ou=crew,dc=c-base,dc=org" % self._username
-        print 'setting dn=', dn
 
-        # TODO: Use settings for url
-        l = ldap.initialize("ldap://lea.cbrp3.c-base.org:389/")
+        l = ldap.initialize(settings.CBASE_LDAP_URL)
         l.simple_bind_s(dn, self._password)
 
         mod_attrs = []
@@ -83,6 +81,18 @@ class MemberValues(object):
         print "modattrs: ",mod_attrs
         result = l.modify_s(dn, mod_attrs)
         print "result is: ", result
+        l.unbind_s()
+
+    def change_password(self, new_password):
+        """
+        Change the password of the member.
+        You do not need to call save() after calling change_password().
+        """
+        l = ldap.initialize(settings.CBASE_LDAP_URL)
+        user_dn = self._get_bind_dn()
+        l.simple_bind_s(user_dn, self._password)
+        l.passwd_s(user_dn, self._password, new_password)
+        l.unbind_s()
 
     def to_dict(self):
         result = {}
@@ -119,3 +129,4 @@ class MemberValues(object):
         print "result is: ", result
         # TODO: if len(result)==0
         return result[0][1]
+        session.unbind_s()
diff --git a/account/forms.py b/account/forms.py
index f50d10f..01b5f24 100644
--- a/account/forms.py
+++ b/account/forms.py
@@ -61,11 +61,36 @@ class WlanPresenceForm(forms.Form):
 
 
 class PasswordForm(forms.Form):
+    old_password = forms.CharField(max_length=255, widget=forms.PasswordInput,
+        label=_('Old password'),
+        help_text=_('Enter your current password here.'))
     password1 = forms.CharField(max_length=255, widget=forms.PasswordInput,
         label=_('New password'))
     password2 = forms.CharField(max_length=255, widget=forms.PasswordInput,
         label=_('Repeat password'))
 
+    def __init__(self, *args, **kwargs):
+        self._request = kwargs.pop('request', None)
+        super(PasswordForm, self).__init__(*args, **kwargs)
+
+    def clean(self):
+        cleaned_data = super(PasswordForm, self).clean()
+        old_password = cleaned_data.get('old_password')
+        username = self._request.user.username
+        user = authenticate(username=username, password=old_password)
+
+        if not user or not user.is_active:
+            raise forms.ValidationError(_('The old password was incorrect.'),
+                    code='old_password_wrong')
+
+        password1 = cleaned_data.get('password1')
+        password2 = cleaned_data.get('password2')
+        if password1 != password2:
+            raise forms.ValidationError(
+                _('The new passwords were not identical.'),
+                code='not_identical')
+        return cleaned_data
+
 
 class RFIDForm(forms.Form):
     rfid = forms.CharField(max_length=255, label=_('Your RFID'),
diff --git a/account/templates/start.html b/account/templates/home.html
similarity index 87%
rename from account/templates/start.html
rename to account/templates/home.html
index c2b7861..f8f2aaa 100644
--- a/account/templates/start.html
+++ b/account/templates/home.html
@@ -25,6 +25,14 @@
                 </li>
             </ul>
 
+            <h3>{% trans "Your group memberships" %}</h3>
+            {% trans "You are part of the following LDAP groups:" %}
+            <ul>
+                {% for group in groups %}
+                <li><span class="label label-info">{{ group }}</span></li>
+                {% endfor %}
+            </ul>
+
             <h3>{% trans "Management information" %}</h3>
 
             <ul>
diff --git a/account/templates/password.html b/account/templates/password.html
index f81d9a9..c1bb1e4 100644
--- a/account/templates/password.html
+++ b/account/templates/password.html
@@ -9,7 +9,6 @@
 {% endblock %}
 
 {% block form_fields %}
-    {{ form.non_field_errors }}
     <form action="{% url account.views.password %}" method="post" class="form-horizontal well">
         {% csrf_token %}
         {{ form|crispy }}
diff --git a/account/views.py b/account/views.py
index 59df8bd..f8b8f5e 100644
--- a/account/views.py
+++ b/account/views.py
@@ -1,8 +1,11 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
-import hashlib
-from django.conf import settings
 
+import os
+import base64
+import hashlib
+
+from django.conf import settings
 from django.http import HttpResponseRedirect
 from django.shortcuts import render_to_response
 from django.template.context import RequestContext
@@ -16,8 +19,7 @@ from django.utils.translation import ugettext as _
 
 from forms import GastroPinForm, WlanPresenceForm, LoginForm, PasswordForm, \
     RFIDForm, NRF24Form, SIPPinForm, CLabPinForm
-from cbase_members import MemberValues, retrieve_member
-
+from cbase_members import retrieve_member
 
 def landingpage(request):
     if request.user.is_authenticated():
@@ -69,9 +71,8 @@ def auth_login(request):
 @login_required
 def home(request):
     member = retrieve_member(request)
-    context = {'member': member.to_dict()}
-    print context
-    return render(request, 'start.html', context)
+    context = {'member': member.to_dict(), 'groups': request.user.groups.all()}
+    return render(request, 'home.html', context)
 
 @login_required
 def auth_logout(request):
@@ -91,23 +92,16 @@ def groups_list(request, group_name):
         is_admin = True
     return render_to_response("group_list.html", locals())
 
-
-
 @login_required
 def sippin(request):
     return set_ldap_field(request, SIPPinForm, [('sippin', 'sippin')],
         'sippin.html')
 
-
-def calculate_gastro_hash(pin):
-    key = settings.CBASE_GASTRO_KEY
-    bla = '%s%s' % (key, pin)
-    return hashlib.sha256(bla).hexdigest()
-
 def set_hash_field(request, form_type, in_field, out_field, hash_func,
         template_name):
     """
-    Abstract view for each of the different forms.
+    Abstract view for changing LDAP attributes that need to be hashed.
+    Takes a function that converts the value into the hashed_value.
     """
     member = retrieve_member(request)
     initial = {}
@@ -116,6 +110,7 @@ def set_hash_field(request, form_type, in_field, out_field, hash_func,
         form = form_type(request.POST)
         if form.is_valid():
             hashed_value = hash_func(form.cleaned_data[in_field])
+            print 'hashed value: ', hashed_value
             member.set(out_field, hashed_value)
             member.save()
             new_form = form_type(initial=initial)
@@ -132,20 +127,55 @@ def set_hash_field(request, form_type, in_field, out_field, hash_func,
 
 @login_required
 def gastropin(request):
+    def calculate_gastro_hash(pin):
+        key = settings.CBASE_GASTRO_KEY
+        bla = '%s%s' % (key, pin)
+        return hashlib.sha256(bla).hexdigest()
+
     return set_hash_field(request, GastroPinForm,
         'gastropin1', 'gastroPIN', calculate_gastro_hash, 'gastropin.html')
 
 @login_required
-def password(request):
-    def hash_password(password):
-        return password
+def clabpin(request):
+    def calculate_clab_hash(pin):
+        salt = os.urandom(12)
+        digest = hashlib.sha1(bytearray(pin, 'UTF-8')+salt).digest()
+        return '{SSHA}' + base64.b64encode(digest + salt)
 
-    return set_ldap_field(request, PasswordForm, 'password1', 'password',
-        hash_password, 'password.html')
+    return set_hash_field(request, CLabPinForm, 'c_lab_pin1', 'c-labPIN',
+            calculate_clab_hash, 'clabpin.html')
+
+@login_required
+def password(request):
+    """
+    """
+    member = retrieve_member(request)
+
+    if request.method == 'POST':
+        form = PasswordForm(request.POST, request=request)
+
+        if form.is_valid():
+            new_password = form.cleaned_data['password1']
+            member.change_password(new_password)
+            request.session['ldap_password'] = new_password
+            request.session.save()
+            new_form = PasswordForm()
+            return render(request, 'password.html',
+                {'message': _('Your password was changed. Thank you!'),
+                 'form': new_form, 'member': member.to_dict()})
+        else:
+            return render(request, 'password.html',
+                {'form': form, 'member': member.to_dict()})
+    else:
+        form = PasswordForm()
+        return render(request, 'password.html',
+            {'form': form, 'member': member.to_dict()})
 
 def set_ldap_field(request, form_type, field_names, template_name):
     """
     Abstract view for each of the different forms.
+
+    field_names contains the mapping of the field name in the form to
     """
     member = retrieve_member(request)
     initial = {}
@@ -187,8 +217,4 @@ def nrf24(request):
 
 
 
-@login_required
-def clabpin(request):
-    return set_ldap_field(request, CLabPinForm, [('c_lab_pin1', 'c-labPIN')],
-            'clabpin.html')
 
diff --git a/cbmi/settings.py b/cbmi/settings.py
index 112cce1..60fd668 100644
--- a/cbmi/settings.py
+++ b/cbmi/settings.py
@@ -217,6 +217,9 @@ CRISPY_TEMPLATE_PACK = 'bootstrap'
 CBASE_LDAP_URL = 'ldap://lea.cbrp3.c-base.org:389/'
 CBASE_BASE_DN = 'ou=crew,dc=c-base,dc=org'
 
+# Set session cookie timeout to 10 minutes
+SESSION_COOKIE_AGE = 600
+LOGIN_URL = '/account/login/'
 #LOCALE_PATHS =
 
 try: