[Freeipa-devel] Consistent password hashing and lookups

James purpleidea at gmail.com
Sun May 11 17:27:39 UTC 2014


Hi #freeipa,

I'm working on improving my puppet-ipa module...
One area I'm working on is "better password management"...

In any case, here's the problem:

I want to give the script the ability to change it. The easy way to do
this is to compare what it is currently, to what it is set to. As I'm
assuming it's hashed, you have to compare hashes, IOW:

/usr/bin/test `hashed(somepass)` = `function_lookup_hash()`

Assuming the admin password is stored as a deterministic hash, I need
two things:

1) To know how to run the hashing function manually (say from python)
2) To know how to look up the stored hash manually (say from python)

Thanks to ab (#freeipa), I know how to set the admin password:

# split by the periods!
$domain_split = split("${valid_domain}", '\.')

# add dc= to each array element
$prefix = prefix($domain_split, 'dc=')
$suffix = join($prefix, ',')			# eg: dc=example,dc=com

$socket_realm = regsubst("${valid_realm}", '\.', '-', 'G')
$ldapuri = "ldapi://%2fvar%2frun%2fslapd-${socket_realm}.socket"

$admin_password_change = "/usr/bin/ldappasswd -Y EXTERNAL -s `${admin_password_exec}` -H ${ldapuri} uid=admin,cn=users,cn=accounts,${suffix}"

I also have the same question for the DM password, however I don't yet
know how to set it. If someone has a script for that, I'd love that too!

Thanks again!
James
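
Added example, not part of the original message and not FreeIPA's own code: a Python sketch of the "does the stored value already match this password?" check from points 1 and 2. It assumes the stored value is a salted {SSHA}, {SSHA256} or {SSHA512} string laid out as base64(digest + salt), which the message does not confirm; with a salted scheme the salt must be taken from the stored value before re-hashing, so two hashes of the same password cannot simply be compared. The names make_hash and verify are hypothetical.

```python
import base64
import hashlib
import hmac
import os

# hashlib algorithm name and digest length in bytes for each salted scheme handled here.
SCHEMES = {"SSHA": ("sha1", 20), "SSHA256": ("sha256", 32), "SSHA512": ("sha512", 64)}


def make_hash(password, scheme="SSHA", salt=None):
    """Build '{SCHEME}base64(digest + salt)'; used here to construct sample data."""
    algo, _ = SCHEMES[scheme]
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())


def verify(password, stored):
    """Return True if password matches the stored salted hash, False otherwise."""
    if not stored.startswith("{") or "}" not in stored:
        return False
    scheme, _, b64 = stored[1:].partition("}")
    if scheme.upper() not in SCHEMES:
        return False  # unknown scheme: cannot be checked offline
    algo, dlen = SCHEMES[scheme.upper()]
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) < dlen:
        return False
    # The stored blob is the digest followed by the salt that produced it.
    digest, salt = raw[:dlen], raw[dlen:]
    candidate = hashlib.new(algo, password.encode() + salt).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    sample = make_hash("s3cret")  # constructed sample value, not a real hash
    print(sample, verify("s3cret", sample), verify("wrong", sample))
```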
