>>> >>> passwordStorageScheme: SSHA512 >>> >>> But if passwords are already in PBKDF2, then you will have to reset those >>> passwords. There is no undoing it without a full reset of the password at >>> this time. >> >> Yes, that's what the docs say, but a simple bind seems to be enough for me. >> I tested this and actually I could go back and forth between storage schemes >> using a simple bind. > In newer versions we do have a "update password on bind", but I didn't think > it was in that version and I wasn't sure if it downgraded schemes. I guess > it does :-)
It "updates" to the current default scheme, which if you haven't defined will be PBKDF2, so for most sites it's an "upgrade". But as you note, if you over-ride this and set your own scheme, on bind, yes it will "downgrade" to the type you need. IIRC there is actually a test for that exact use case in the integration test suites ... >> I am very happy with 389ds, its saved my ass... > > Great, we really appreciate that! Awesome! If you have more questions we'd love to hear them :) — Sincerely, William Brown Senior Software Engineer, 389 Directory Server SUSE Labs, Australia _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
