[Freeipa-users] Where and how are passwords stored?
Rich Megginson
rmeggins at redhat.com
Thu Feb 12 16:17:06 UTC 2015
On 02/12/2015 09:05 AM, Brad House wrote:
> On 02/12/2015 10:48 AM, Simo Sorce wrote:
>> On Thu, 2015-02-12 at 07:38 -0800, Michael Lasevich wrote:
>>> Thank you, this is very helpful. I forgot about 'super admin', which is why
>>> I was not even seeing the values before. :-)
>>>
>>> How are the values encrypted (or hashed?)
>>>
>>> It sounds like the password is stored in two fields (I am leaving samba out
>>> for now) - userpassword and kerberos principal key.
>>
>>> Is userpassword a hash?
>>
>> Yes.
>>
>>> If so, what kind?
>>
>> Configurable, by default salted sha256 IIRC.
>
> Out of curiosity, where is this configurable?
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/User_Account_Management.html#User_Account_Management-Managing_the_Password_Policy
This is the passwordStorageScheme attribute.
> Also, is it using it in
> conjunction with something like PBKDF2?
https://fedorahosted.org/389/ticket/397
> I'd love to know more info on this
> as we might want to increase the defaults ourselves.
>
>
> Thanks!
> -Brad
>
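
Added example, not part of the original thread and not 389 Directory Server code: parsing and checking a salted SHA-256 userPassword value, which makes the storage format under discussion concrete. It assumes the `{SSHA256}` layout of base64(SHA-256(password || salt) || salt); the function names, the 8-byte salt and the sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def split_scheme(value: str):
    """Split '{SCHEME}payload' into (SCHEME, payload); scheme is None if untagged."""
    if value.startswith("{") and "}" in value:
        scheme, _, payload = value[1:].partition("}")
        return scheme.upper(), payload
    return None, value


def make_ssha256(password: bytes, salt: bytes = b"") -> str:
    """Build a value in the assumed layout (random 8-byte salt unless one is given)."""
    salt = salt or os.urandom(8)
    digest = hashlib.sha256(password + salt).digest()
    return "{SSHA256}" + base64.b64encode(digest + salt).decode("ascii")


def parse_ssha256(value: str):
    """Return (digest, salt) from an SSHA256 value, rejecting anything else."""
    scheme, payload = split_scheme(value)
    if scheme != "SSHA256":
        raise ValueError(f"unexpected storage scheme: {scheme!r}")
    raw = base64.b64decode(payload, validate=True)
    if len(raw) <= DIGEST_LEN:
        raise ValueError("no salt after the digest; value is unsalted or truncated")
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def verify_ssha256(value: str, candidate: bytes) -> bool:
    """Recompute the salted digest and compare in constant time."""
    digest, salt = parse_ssha256(value)
    return hmac.compare_digest(hashlib.sha256(candidate + salt).digest(), digest)


if __name__ == "__main__":
    stored = make_ssha256(b"constructed-sample-password")  # constructed sample value
    print(stored)
    print(verify_ssha256(stored, b"constructed-sample-password"))
    print(verify_ssha256(stored, b"wrong-guess"))
```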