On Tue, Sep 20, 2011 at 09:59:16AM -0400, Dmitri Pal wrote:
> >
> >     Password Hash Algorithm
> >     -------------------------
> >     Indicates the algorithm that the system should use to hash the password.
> >     Currently supported values are SSHA, SHA, SMD5, and MD5. A value of NONE
> >     or no value indicates that the system will not hash passwords. This will
> >     cause cleartext passwords to be stored in LDAP unless the LDAP server
> >     performs the hash (Netscape Directory Server and iPlanet Directory
> >     Server do). 
> >
> > Will the ipa-migration handle any of these formats ? Which would be the
> > preferred ?
> >
> I am not sure it keeps it in clear internally anywhere. Password is
> always hashed unless you explicitly set it to be cleartext in the
> setting above.

Are you stating that based on knowledge of Sun Identity Manager? As far
as I understand SIM, I should be able to add new managed "resources"
(directories, databases, servers, etc) at a later point and push my
userdatabase to. For that to work, SIM will have to either hash to all
supported hashing methods (including cleartext??) or just keep a
cleartext version hidden somewhere.


Freeipa-users mailing list

Reply via email to