[Freeipa-users] AES reverse encryption plugin on userPassword attribute

Petr Spacek pspacek at redhat.com
Fri Jul 1 11:35:24 UTC 2016


On 30.6.2016 15:30, opensauce . wrote:
> Hi All,
> 
> I need to store user passwords with reverse encryption for an application.
> 
> I know the AES plugin is enabled and available:
> 
> # AES, Password Storage Schemes, plugins, config
> dn: cn=AES,cn=Password Storage Schemes,cn=plugins,cn=config
> cn: AES
> nsslapd-pluginDescription: AES storage scheme plugin
> nsslapd-pluginEnabled: on
> nsslapd-pluginId: aes-storage-scheme
> nsslapd-pluginInitfunc: aes_init
> nsslapd-pluginPath: libpbe-plugin
> nsslapd-pluginType: reverpwdstoragescheme
> nsslapd-pluginVendor: 389 Project
> nsslapd-pluginVersion: 1.3.4.0
> nsslapd-pluginarg0: nsmultiplexorcredentials
> nsslapd-pluginarg1: nsds5ReplicaCredentials
> nsslapd-pluginprecedence: 1
> objectClass: top
> objectClass: nsSlapdPlugin
> objectClass: extensibleObject
> 
> How do I apply this plugin to the userPassword attribute of a single or
> multiple users?

Generally, FreeIPA tries to hide passwords as much as possible, even from admins,
so this is not enabled by default. You might try to experiment using 389 DS
documentation [1], but there are no guarantees.

[1] http://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/

-- 
Petr^2 Spacek



