On 05/22/2012 04:09 PM, Lucas Sweany wrote:
I am syncing from an AD domain one way (onewaysync: fromWindows), and
using the Password Sync service on the domain controllers. Perhaps the
Password Sync service requires the attribute?
No. You only need it if you sync passwords _to_ AD - AD requires the
clear text password.
Even if so, it would be nice if the plain text attribute were to go
away once the password hash was stored.
-Lucas
On Tue, May 22, 2012 at 2:54 PM, Rich Megginson <[email protected]
<mailto:[email protected]>> wrote:
On 05/22/2012 03:32 PM, Lucas Sweany wrote:
Is there a way to prevent the unhashed#user#password attribute
from being stored or used at all? I don't need it to be
replicated anywhere--I presume that the hashed password will be
enough to authenticate users.
Unless you need to use Windows Sync, yes. If you plan to use
Windows Sync you'll have to replicate the unhashed#user#password
to the server that has the windows sync agreement.
Thanks,
-Lucas
--
389 users mailing list
[email protected]
<mailto:[email protected]>
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/389-users
