[Freeipa-users] password migration
Jan-Frode Myklebust
janfrode at tanso.net
Fri Sep 23 08:08:09 UTC 2011
On Tue, Sep 20, 2011 at 09:59:16AM -0400, Dmitri Pal wrote:
> >
> > Password Hash Algorithm
> > -------------------------
> > Indicates the algorithm that the system should use to hash the password.
> > Currently supported values are SSHA, SHA, SMD5, and MD5. A value of NONE
> > or no value indicates that the system will not hash passwords. This will
> > cause cleartext passwords to be stored in LDAP unless the LDAP server
> > performs the hash (Netscape Directory Server and iPlanet Directory
> > Server do).
> >
> > Will the ipa-migration handle any of these formats ? Which would be the
> > preferred ?
> >
> I am not sure it keeps it in clear internally anywhere. Password is
> always hashed unless you explicitly set it to be cleartext in the
> setting above.
Are you stating that based on knowledge of Sun Identity Manager? As far
as I understand SIM, I should be able to add new managed "resources"
(directories, databases, servers, etc) at a later point and push my
userdatabase to. For that to work, SIM will have to either hash to all
supported hashing methods (including cleartext??) or just keep a
cleartext version hidden somewhere.
-jf
More information about the Freeipa-users
mailing list