[Freeipa-users] password history

Richard Neuboeck hawk at tbi.univie.ac.at
Thu Apr 13 09:49:11 UTC 2017


Hi there,

I'm hoping someone can help me find the password history entries for
a particular user.

The policy is set up to store 10 passwords. Changing the password
confirms that the history works properly.

From what I've found online I was led to believe that the history
entries are stored in krbPwdHistory and that I should be able to
access those entries as 'Directory Manager' without restrictions.

https://www.redhat.com/archives/freeipa-users/2013-July/msg00166.html

However this attribute doesn't show up. Searching the database I
found the appropriate entry in the policy (krbPwdHistoryLength) for
how many passwords are stored but not the password history attribute
itself.

I've been searching the database for a specific user like this:
ldapsearch -x -D 'cn=Directory Manager' -W -b \
  'uid=frink,cn=users,cn=accounts,dc=example,dc=com'

and also searched the whole domain (default base):
ldapsearch -x -D 'cn=Directory Manager' -W

I've also compared the output of the whole domain prior to and after
changing a user's password. The attributes that changed did not
include an obvious history element (unless there is some kind of
magic involved).

Some more details about the setup:
ipa-server-4.4.0-14.el7.centos.6.x86_64, obviously running on CentOS 7.

I would highly appreciate any pointers as to where I could find the
history of password hashes!

Thanks!
Richard

-- 
/dev/null
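
Added example, not part of the original post: the before/after comparison described in the message, done as an attribute-level diff of two ldapsearch LDIF dumps for one entry. The sample dumps and their values are constructed, and `parse_ldif` and `diff_entry` are names chosen for this example.

```python
import base64

def parse_ldif(text):
    """Parse ldapsearch LDIF output into {dn: {attr: set(values)}}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # RFC 2849 folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn = {}, None
    for line in lines:
        if not line.strip():                # blank line ends the current entry
            dn = None
        elif not line.startswith("#"):      # skip comment lines
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "backslashreplace")
            else:
                value = value.strip()
            if attr.lower() == "dn":
                dn = value
                entries[dn] = {}
            elif dn is not None:            # ignores "search:"/"result:" trailer lines
                entries[dn].setdefault(attr, set()).add(value)
    return entries

def diff_entry(before, after, dn):
    """Return {attr: (removed, added)} for attributes of dn that differ."""
    old, new = before.get(dn, {}), after.get(dn, {})
    changes = {}
    for attr in sorted(set(old) | set(new)):
        removed = old.get(attr, set()) - new.get(attr, set())
        added = new.get(attr, set()) - old.get(attr, set())
        if removed or added:
            changes[attr] = (sorted(removed), sorted(added))
    return changes

# Constructed sample dumps (values are made up, not real hashes).
DN = "uid=frink,cn=users,cn=accounts,dc=example,dc=com"
BEFORE = """dn: uid=frink,cn=users,cn=accounts,
 dc=example,dc=com
uid: frink
krbLastPwdChange: 20170412080000Z
userPassword:: e1NTSEF9b2xk
"""
AFTER = (BEFORE.replace("20170412080000Z", "20170413094500Z")
               .replace("e1NTSEF9b2xk", "e1NTSEF9bmV3"))
```

The diff can only show attributes that the search returned; operational attributes appear in ldapsearch output only when requested by name or with `+`.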
