[Freeipa-devel] #4450: how to allow password migration?
Martin Kosek
mkosek at redhat.com
Tue Jul 22 15:01:54 UTC 2014
Hello,
I was thinking more about the solution to fix migration in FreeIPA 4.0 as
proposed in
https://fedorahosted.org/freeipa/ticket/4450#comment:6
and I realized it will be more complicated.
Conditionally enabling nsslapd-allow-hashed-passwords in cn=config when
migration mode is enabled is tricky as this setting is not replicated, compared
to ipamigrationenabled.
So enabling the migration on one server would still leave it broken on other
servers. The same applies for disabling it again.
Any ideas how to solve the issue? I am thinking we may need to unconditionally
enable this cn=config setting for now to unblock migration (thus effectively
revert https://fedorahosted.org/389/ticket/47389). Any other solution I can
think of would be too complicated.
Thanks.
--
Martin Kosek <mkosek at redhat.com>
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc.
More information about the Freeipa-devel
mailing list