[Fedora-directory-users] AD Password Sync Question

Rich Megginson rmeggins at redhat.com
Fri Dec 12 18:11:08 UTC 2008


Christopher Barry wrote:
> Greetings,
>
> After reading chapter 19 of the RH docs about AD integration, I have a question regarding the 'lifetime' and locality of the plaintext password, and how this actually gets captured and sync'd.
>
> In a multi-site AD Enterprise, with a lot of DCs, would the password sync service need to run on every DC,
Yes.
> with a partnership to the one master master Directory Server?
Yes, that's the best way.  You can point passsync at any master 
anywhere, as long as you are prepared to deal with latency issues (e.g. 
if you add a user then immediately change the password, you may have to 
wait for that new user to show up on your local replica first).
> I'm wondering how if a user in Texas changes their password, it gets placed into the Directory Server Master in Pennsylvania.
>   
The DS MMR protocol will update the password on all other DS servers.
>
> Thanks,
> -C
