[Freeipa-users] check host password age
Martin Kosek
mkosek at redhat.com
Wed Mar 13 09:21:05 UTC 2013
On 03/13/2013 09:55 AM, Petr Spacek wrote:
> On 12.3.2013 14:41, Stijn De Weirdt wrote:
...
>> i guess the timestamps are somehwere in the ldap schema, i would like to know
>> where or how i can find them.
>> and if possible, how to do that using the ipalib python api.
>>
>> btw, is it correct for me to assume that when has_keytab=True that the host
>> password is useless or even better unusable with that host?
> Sorry, I have to defer this question to more competent people :-)
I think you could rather check that has_password=False. This effectively means
that the principal has no userPassword attribute which could be used for
authentication.
has_keytab=True means that keys/keytab was generated, i.e. krbPrincipalKey is
present.
Martin
More information about the Freeipa-users
mailing list