On Tue, Sep 20, 2011 at 09:59:16AM -0400, Dmitri Pal wrote: > > > > Password Hash Algorithm > > ------------------------- > > Indicates the algorithm that the system should use to hash the password. > > Currently supported values are SSHA, SHA, SMD5, and MD5. A value of NONE > > or no value indicates that the system will not hash passwords. This will > > cause cleartext passwords to be stored in LDAP unless the LDAP server > > performs the hash (Netscape Directory Server and iPlanet Directory > > Server do). > > > > Will the ipa-migration handle any of these formats ? Which would be the > > preferred ? > > > I am not sure it keeps it in clear internally anywhere. Password is > always hashed unless you explicitly set it to be cleartext in the > setting above.
Are you stating that based on knowledge of Sun Identity Manager? As far as I understand SIM, I should be able to add new managed "resources" (directories, databases, servers, etc) at a later point and push my userdatabase to. For that to work, SIM will have to either hash to all supported hashing methods (including cleartext??) or just keep a cleartext version hidden somewhere. -jf _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
