[Freeipa-users] convert krbExtraData password to plain text
Sumit Bose
sbose at redhat.com
Mon Jun 16 07:42:11 UTC 2014
On Mon, Jun 16, 2014 at 12:28:09AM -0400, Dmitri Pal wrote:
> On 06/16/2014 12:20 AM, barrykfl at gmail.com wrote:
> >dear all:
> >
> >Is it possible to quiry freeipa 's account password and displan in plain
> >txt ?
> >
> >or convert krbExtraData to plaintxt. rather than reset it.
> >
> >Regards
> >
> >barry
> >
> >
> >
> >
> >_______________________________________________
> >Freeipa-users mailing list
> >Freeipa-users at redhat.com
> >https://www.redhat.com/mailman/listinfo/freeipa-users
>
> No. IPA passwords are not reversible by design.
> In general it is a very bad security practice to make password reversible.
> Password reset is the way to go.
Additionally krbExtraData does not contain the password only data needed
by the kdc which does not have a specific LDAP attribute. iirc the data
in krbExtraData is mostly ASN.1 coded.
bye,
Sumit
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list