[Freeipa-users] Migration to FreeIPA 2 - password update via LDAP
Dmitri Pal
dpal at redhat.com
Wed Sep 7 18:59:11 UTC 2011
On 09/07/2011 02:45 PM, Dan Scott wrote:
> Hi,
>
> I have a FreeIPA 1 system which is being migrated to FreeIPA 2. After
> migration, the script says:
>
> "Passwords have been migrated in pre-hashed format.
> IPA is unable to generate Kerberos keys unless provided
> with clear text passwords. All migrated users need to
> login at https://your.domain/ipa/migration/ before they
> can use their Kerberos accounts."
>
> I have some users who are authenticated via LDAP. Also I have a Java
> application which allows them to change their password using LDAP.
> Will existing passwords continue to work when using LDAP
> authentication/password changes? It is only Kerberos authentication
> which requires users to re-login on this special page?
>
If you update the password via LDAP using bind over SSL so that server
has the password in clear the new Kerberos hashes will be generated
automatically and kerberos will become usable for these users once again.
Also SSSD has a nice feature to migrate user passwords. Read more about
it in the SSSD docs.
> Thanks,
>
> Dan
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list