Hi #freeipa, I'm working on improving my puppet-ipa module... One area I'm working on is "better password management"...
In any case, here's the problem: I want to give the script the ability to change it. The easy way to do this is to compare what it is currently, to what it is set to. As I'm assuming it's hashed, you have to compare hashes, IOW: /usr/bin/test `hashed(somepass)` = `function_lookup_hash()` Assuming the admin password is stored as a deterministic hash, I need two things: 1) To know how to run the hashing function manually (say from python) 2) To know how to lookup the stored hash manually (say from python) Thanks to ab (#freeipa), I know how to set the admin password: # split by the periods! $domain_split = split("${valid_domain}", '\.') # add dc= to each array element $prefix = prefix($domain_split, 'dc=') $suffix = join($prefix, ',') # eg: dc=example,dc=com $socket_realm = regsubst("${valid_realm}", '\.', '-', 'G') $ldapuri = "ldapi://%2fvar%2frun%2fslapd-${socket_realm}.socket" $admin_password_change = "/usr/bin/ldappasswd -Y EXTERNAL -s ` ${admin_password_exec}` -H ${ldapuri} uid=admin,cn=users,cn=accounts, ${suffix}" I also have the same question for the DM password, however I don't yet know how to set it. If someone has a script for that, I'd love that too! Thanks again! James
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel