[Freeipa-users] Where and how are passwords stored?
Simo Sorce
simo at redhat.com
Thu Feb 12 15:48:42 UTC 2015
On Thu, 2015-02-12 at 07:38 -0800, Michael Lasevich wrote:
> Thank you, this is very helpful. I forgot about 'super admin', which is why
> I was not even seeing the values before. :-)
>
> How are the the values encrypted (or hashed?)
>
> It sounds like the password is stored in two fields(I am leaving samba out
> for now) - userpassword andkerberos principle key.
> Is userpassword a hash?
Yes.
> Of so, what kind?
Configurable, by default salted sha256 IIRC.
> KerberosPrincipleKey you mention is encrypted with
> Kerberos master key - is the plaintext of password encrypted or is it a
> hash that is encrypted?
All keys are hashes, they are stored into a asn.1 encoded structure that
is then encrypted with the master key.
> What encryption and or hashing used for that?
It depends on the supported keys.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list