[Freeipa-devel] [PATCH] Allow adding entries with pre-hashed passwords, but don't generate keys for them.
Pavel Zuna
pzuna at redhat.com
Mon Oct 19 13:06:27 UTC 2009
Fix bug #528922. https://bugzilla.redhat.com/show_bug.cgi?id=528922
Simo Sorce wrote:
> On Thu, 2009-10-15 at 16:43 +0200, Pavel Zuna wrote:
>> What Nalin said is exactly what I meant in my last email in this
>> discussion (add
>> -> hashed passwords fine, don't generate keys; modify -> hashed
>> passwords bad,
>> fail operation), but he explained it much better than I could ever do.
>> I think
>> that's the approach we should take.
>
> ack,
> although I would also allow admins to always add pre-hashed passwords
> even with modify operations.
>
> Simo.
>
This patch only fixes the ADD operation - I'll make a second one for modify
next. Just to make sure: If we allow admins to modify passwords with pre-hashed
ones, we also need to delete kerberos keys (and possibly other related
attributes) if present, right?
Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Allow-adding-entries-with-pre-hashed-passwords-but.patch
Type: application/mbox
Size: 2196 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20091019/94752b4e/attachment.mbox>
More information about the Freeipa-devel
mailing list