[Freeipa-users] Password Attribute Syncing Support
Walter Meyer
wgmeyer at gmail.com
Thu Mar 18 23:47:35 UTC 2010
Sorry I should have linked to the manual for it:
http://www.postini.com/webdocs/gads/admin
The Google Apps utility actually syncs passwords from LDAP to Google Apps,
not the other way around. The manual says that the utility supports password
attributes in MD5, SHA1, or Clear Text. So I am wondering how they are
stored in the IPA DS.
On Thu, Mar 18, 2010 at 6:10 PM, Rob Crittenden <rcritten at redhat.com> wrote:
> Walter Meyer wrote:
>
>> I am testing out FreeIPA and am wondering if FreeIPA is compatible with
>> the Google Apps password sync utility. Specifically my question in relation
>> to FreeIPA is how the password attribute is stored in the DS? Is it in any
>> of these Google Apps supported formats: MD5, SHA1, or Plain Text? If not can
>> I change it to one of these, or is this a bad idea? Thanks in advance.
>>
>>
> I'm not familiar with the Google Apps password sync utility, do you have
> any pointers describing how it works?
>
> In general though IPA needs to receive password changes in cleartext so it
> can generate matching kerberos keys. We can currently accept password
> changes over LDAP and the kerberos password protocol. Setting a password
> using either of these methods keeps all passwords/keys in sync. This
> requires an encrypted channel using either SSL or SASL.
>
> rob
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20100318/b3df188c/attachment.htm>
More information about the Freeipa-users
mailing list