Only show change password form when a password change is possible

x-pack/plugins/security/common/constants.js

@@ -6,3 +6,4 @@
 
 export const GLOBAL_RESOURCE = '*';
 export const IGNORED_TYPES = ['space'];
+export const REALMS_ELIGIBLE_FOR_PASSWORD_CHANGE = ['reserved', 'native'];

x-pack/plugins/security/public/views/account/account.html

@@ -52,7 +52,14 @@
   </div>
 
   <!-- Change password -->
+  <div class="kuiFormSection" ng-if="!showChangePassword">
+    <label class="kuiFormLabel" i18n-id="xpack.security.account.passwordLabel" i18n-default-message="Password"></label>
+    <div class="euiText">
+      <p i18n-id="xpack.security.account.changePasswordNotSupportedText"  i18n-default-message="You cannot change the password for this account."></p>
+    </div>
+  </div>
   <kbn-change-password-form
+    ng-if="showChangePassword"
     require-current-password="true"
     show-kibana-warning="user.metadata._reserved && user.username === 'kibana'"
     on-change-password="saveNewPassword(newPassword, currentPassword, onSuccess, onIncorrectPassword)"

x-pack/plugins/security/public/views/account/account.js

@@ -11,6 +11,7 @@ import template from './account.html';
 import '../management/change_password_form/change_password_form';
 import '../../services/shield_user';
 import { i18n } from '@kbn/i18n';
+import { REALMS_ELIGIBLE_FOR_PASSWORD_CHANGE } from '../../../common/constants';
 
 routes.when('/account', {
   template,
@@ -33,6 +34,9 @@ routes.when('/account', {
 
     const notifier = new Notifier();
 
+    const { authentication_realm: authenticationRealm } = $scope.user;
+    $scope.showChangePassword = REALMS_ELIGIBLE_FOR_PASSWORD_CHANGE.includes(authenticationRealm.type);
+
     $scope.saveNewPassword = (newPassword, currentPassword, onSuccess, onIncorrectPassword) => {
       $scope.user.newPassword = newPassword;
       if (currentPassword) {