[Freeipa-users] MD5 passwords in NIS
Simo Sorce
simo at redhat.com
Mon Jan 2 23:35:46 UTC 2012
On Thu, 2011-12-29 at 13:13 -0500, Boris Epstein wrote:
>
>
> On Wed, Dec 28, 2011 at 10:18 PM, Simo Sorce <simo at redhat.com> wrote:
> On Wed, 2011-12-28 at 11:11 -0500, Boris Epstein wrote:
> > Hello listmates,
> >
> >
> > Apparently, in order to authenticate a Mac OS X Lion client
> to NIS one
> > needs passwords encrypted in MD5 hash shown in the passwd
> and
> > passwd.byname maps. FreeIPA at this point only shows a "*".
> Is there a
> > way to change that?
>
>
> No, we decided that one of the rules with FreeIPA was to never
> expose
> hashes to clients. Same reason why we do not export a shadow
> map for
> example.
>
> With Mac OS X you should be better off using just LDAP auth.
> >
>
>
> Simo, thanks!
>
>
> Is there a decent manual on how to link up Mac OS X (specifically,
> V10.7, "Lion") to a FreeIPA server as an LDAP client? I tried that -
> and just seem to be getting nowhere as the Mac wouldn't even give me
> an error message (or perhaps it is my fault for not knowing where to
> look but I am just lost there).
>
Unfortunately I am not very well versed in Mac-ism, but we have an old
page in our docs, and although it states it is valid only for freeipa v1
I see that it has links to some configuration guide for ldap:
http://www.freeipa.org/page/ConfiguringMACOSXTigerClient
This other page seem to apply only to 10.4 instead:
http://www.freeipa.org/page/ConfiguringMacintoshClients
HTH,
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list