On Tue, Sep 20, 2011 at 09:59:16AM -0400, Dmitri Pal wrote:
> > Password Hash Algorithm
> > -------------------------
> > Indicates the algorithm that the system should use to hash the password.
> > Currently supported values are SSHA, SHA, SMD5, and MD5. A value of NONE
> > or no value indicates that the system will not hash passwords. This will
> > cause cleartext passwords to be stored in LDAP unless the LDAP server
> > performs the hash (Netscape Directory Server and iPlanet Directory
> > Server do).
> > Will the ipa-migration handle any of these formats ? Which would be the
> > preferred ?
> I am not sure it keeps it in clear internally anywhere. Password is
> always hashed unless you explicitly set it to be cleartext in the
> setting above.
Are you stating that based on knowledge of Sun Identity Manager? As far
as I understand SIM, I should be able to add new managed "resources"
(directories, databases, servers, etc) at a later point and push my
userdatabase to. For that to work, SIM will have to either hash to all
supported hashing methods (including cleartext??) or just keep a
cleartext version hidden somewhere.
Freeipa-users mailing list