[Freeipa-users] re-sync passwords after migration from LDAP to IPA ?

Simo Sorce simo at redhat.com
Wed Jan 2 20:09:50 UTC 2013


On Wed, 2013-01-02 at 18:36 +0100, Jan-Frode Myklebust wrote:
> But... where do I find the LDAP passwords in IPA? I see there's no
> "userPassword" attribute on each user as I was expecting... so where
> is this hidden? And can it be compared against the SSHA from the old
> directory?

Passwords are stored in both the userPassword attribute (SHA256 hash by
default) and the krbPrincipalKey attribute, an opaque and encrypted object
containing Kerberos Keys (RC4/3DES/AES keys).
If you enabled trusts or samba integration you will also have RC4 hashes
in the sambaNTpassword or ipaNThash attributes.

None of these attributes are readable, so you will not see them. Only
'cn=Directory Manager' can retrieve them, because that account has super
powers.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
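
On the question of comparing the old SSHA values with what IPA stores, an added example (not part of the original thread and not FreeIPA code): salted values from two directories never match as strings, so each can only be checked against a known cleartext. It assumes both values use the RFC 2307-style `{SCHEME}base64(digest + salt)` layout, with SHA-1 for `{SSHA}` and SHA-256 for `{SSHA256}`; the helper names and sample hashes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

# scheme name -> (hashlib algorithm, digest length in bytes); assumed layouts
SCHEMES = {"SSHA": ("sha1", 20), "SSHA256": ("sha256", 32)}


def make_hash(scheme, password, salt=None):
    """Build a '{SCHEME}base64(digest + salt)' value (used to construct samples)."""
    algo, _ = SCHEMES[scheme]
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())


def parse_hash(value):
    """Split a stored value into (scheme, digest, salt)."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("no {SCHEME} prefix")
    scheme, b64 = value[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    raw = base64.b64decode(b64, validate=True)
    dlen = SCHEMES[scheme][1]
    if len(raw) <= dlen:
        raise ValueError("value too short to contain a salt")
    return scheme, raw[:dlen], raw[dlen:]


def verify(value, password):
    """True if the cleartext password matches the stored salted hash."""
    scheme, digest, salt = parse_hash(value)
    candidate = hashlib.new(SCHEMES[scheme][0], password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


def same_password(old_value, new_value, password):
    """Check one known cleartext against both directories' stored values."""
    return verify(old_value, password) and verify(new_value, password)


# Constructed sample values, not taken from any real directory.
OLD_LDAP = make_hash("SSHA", "constructed-Passw0rd", salt=b"\x01\x02\x03\x04")
NEW_IPA = make_hash("SSHA256", "constructed-Passw0rd",
                    salt=b"\xaa\xbb\xcc\xdd\xee\xff\x00\x11")
```

Reading the stored values in the first place requires binding as 'cn=Directory Manager', as the reply above explains.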



