You can change the password storage scheme using dsconf or ldapmodify
depending on what version of 389-ds-base you have. On 389-ds-base-1.4.x
you can use "dsconf", on older versions you will need to use ldapmodify:
# dsconf slapd-YOUR_INSTANCE config replace passwordStorageScheme=SSHA512
Or
# ldapmodify -D "cn=directory manager" -W
dn: cn=config
changetype: modify
replace: passwordStorageScheme
passwordStorageScheme: SSHA512
This will not change your existing user's passwords, it will only change
how new passwords are set. So if some users' passwords are already
hashed with PBKDF2_SHA256, then you need to reset the password to pick
up the new scheme.
HTH,
Mark
On 6/29/20 3:20 PM, Max Muller via FreeIPA-users wrote:
Hi all!
I want use FreeIPA with FreeRADIUS. As I can know, FreeIPA use PBKDF2_SHA256
hashes. But actual FreeRADIUS not support PBKDF2_SHA256 hashes.
Is there way to change hash in FreeIPA?
About FreeRADIUS and dsconf slapd-YOUR_INSTANCE config replace
passwordStorageScheme=SSHA512
https://github.com/FreeRADIUS/freeradius-server/issues/2649
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
--
389 Directory Server Development Team
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
