On 9/22/20 12:33 PM, Tornóci László wrote:
Hi,
On 9/22/20 6:23 PM, Mark Reynolds wrote:
On 9/22/20 3:42 AM, Tornóci László wrote:
Hi,
I recently upgraded my system from RHEL7 to RHEL8, together with
389ds. Apparently this has caused to upgrade the storage scheme of
the user passwords to PBKDF2_SHA256. Everything works fine except
freeradius does not support this storage scheme at the moment.
How can I downgrade the storage scheme in 389ds to something that is
supported by freeradius in such a way, that doesn't force my users
to change their passwords?
Well first you need to change the scheme in cn=config to something like:
passwordStorageScheme: SSHA512
But if passwords are already in PBKDF2, then you will have to reset
those passwords. There is no undoing it without a full reset of the
password at this time.
Yes, that's what the docs say, but a simple bind seems to be enough
for me. I tested this and actually I could go back and forth between
storage schemes using a simple bind.
In newer versions we do have a "update password on bind", but I didn't
think it was in that version and I wasn't sure if it downgraded
schemes. I guess it does :-)
I am very happy with 389ds, its saved my ass...
Great, we really appreciate that!
Cheers,
Mark
Laszlo
HTH,
Mark
Thanks: Laszlo
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
--
389 Directory Server Development Team
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
