John Desantis wrote:
> Hello all,
>
>> The PKCS#12 file of the CA root generated by IPA during installation is
>> protected by the DM password.
>>
>> An updated file can be generated using PKCS12Export if desired.
>>
>
> Is this step actually required when changing the directory manager
> password
> (https://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpassword.html)?
>
> If I'm reading the documentation properly, it appears that FreeIPA
> versions >= 4.x do not require this step. Is this correct?

This step is needed for very old IPA installations.

rob

>
> Thank you!
> John DeSantis
>
> On Thu, May 20, 2021 at 08:53, Rob Crittenden via
> FreeIPA-users <[email protected]> wrote:
>>
>> Florence Renaud via FreeIPA-users wrote:
>>> Hi Ian,
>>> with IPA 4.6.8 you just need to follow the 389ds doc.
>>> The procedure was more complex in version < 3.2.2 because there were two
>>> 389ds instances (one for the regular suffix and one for the Certificate
>>> Server) and the password has to be manually synchronized between the 2,
>>> and the replica installation was done using a different procedure (you
>>> had to prepare a replica file containing passwords, private keys,
>>> certificates and then transfer this file on the future replica).
>>
>> The PKCS#12 file of the CA root generated by IPA during installation is
>> protected by the DM password.
>>
>> An updated file can be generated using PKCS12Export if desired.
>>
>> rob
>>
>>> HTH,
>>> flo
>>>
>>> On Tue, May 18, 2021 at 7:41 PM Ian Pilcher via FreeIPA-users
>>> <[email protected]
>>> <mailto:[email protected]>> wrote:
>>>
>>> Maybe it's just me, but I still find the documentation on this subject
>>> confusing. (This is probably because the docs seem to be telling me
>>> that I don't need to do anything beyond the actual password change, and
>>> I don't trust answers that seem too easy.)
>>>
>>> I'm running a single-node IPA 4.6.8 on RHEL 7. The actual password change
>>> with ldapmodify[1] is simple enough. Am I reading the FreeIPA
>>> documentation[2] correctly, that I don't need to perform any other
>>> steps?
>>>
>>> Thanks!
>>>
>>> [1]
>>> https://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpassword.html
>>> [2] https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
>>>
>>> --
>>> ========================================================================
>>> Ian Pilcher                                Sr. Principal Product Manager
>>> +1 469 892-8704                                  Red Hat Cloud Platforms
>>> ========================================================================
>>> _______________________________________________
>>> FreeIPA-users mailing list -- [email protected]
>>> <mailto:[email protected]>
>>> To unsubscribe send an email to
>>> [email protected]
>>> <mailto:[email protected]>
>>> Fedora Code of Conduct:
>>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives:
>>> https://lists.fedorahosted.org/archives/list/[email protected]
>>> Do not reply to spam on the list, report it:
>>> https://pagure.io/fedora-infrastructure
