[Freeipa-users] Migration to FreeIPA 2 - password update via LDAP
Rob Crittenden
rcritten at redhat.com
Wed Sep 7 19:12:48 UTC 2011
Dan Scott wrote:
> Hi,
>
> I have a FreeIPA 1 system which is being migrated to FreeIPA 2. After
> migration, the script says:
>
> "Passwords have been migrated in pre-hashed format.
> IPA is unable to generate Kerberos keys unless provided
> with clear text passwords. All migrated users need to
> login at https://your.domain/ipa/migration/ before they
> can use their Kerberos accounts."
>
> I have some users who are authenticated via LDAP. Also I have a Java
> application which allows them to change their password using LDAP.
> Will existing passwords continue to work when using LDAP
> authentication/password changes? It is only Kerberos authentication
> which requires users to re-login on this special page?
>
> Thanks,
>
> Dan
That is correct.
When the user authenticates to this special page (sssd can also handle
this) then Kerberos credentials are generated for the user.
rob
More information about the Freeipa-users
mailing list