[Freeipa-users] Password Attribute Syncing Support
Rob Crittenden
rcritten at redhat.com
Thu Mar 18 22:10:45 UTC 2010
Walter Meyer wrote:
> I am testing out FreeIPA and am wondering if FreeIPA is compatible with
> the Google Apps password sync utility. Specifically my question in
> relation to FreeIPA is how the password attribute is stored in the DS?
> Is it in any of these Google Apps supported formats: MD5, SHA1, or Plain
> Text? If not can I change it to one of these, or is this a bad idea?
> Thanks in advance.
>
I'm not familiar with the Google Apps password sync utility, do you have
any pointers describing how it works?
In general though IPA needs to receive password changes in cleartext so
it can generate matching kerberos keys. We can currently accept password
changes over LDAP and the kerberos password protocol. Setting a password
using either of these methods keeps all passwords/keys in sync. This
requires an encrypted channel using either SSL or SASL.
rob
More information about the Freeipa-users
mailing list