Jan-Frode Myklebust wrote:
On Tue, Sep 20, 2011 at 09:59:16AM -0400, Dmitri Pal wrote:
Password Hash Algorithm
Indicates the algorithm that the system should use to hash the password.
Currently supported values are SSHA, SHA, SMD5, and MD5. A value of NONE
or no value indicates that the system will not hash passwords. This will
cause cleartext passwords to be stored in LDAP unless the LDAP server
performs the hash (Netscape Directory Server and iPlanet Directory
Will the ipa-migration handle any of these formats ? Which would be the
I am not sure it keeps it in clear internally anywhere. Password is
always hashed unless you explicitly set it to be cleartext in the
Are you stating that based on knowledge of Sun Identity Manager? As far
as I understand SIM, I should be able to add new managed "resources"
(directories, databases, servers, etc) at a later point and push my
userdatabase to. For that to work, SIM will have to either hash to all
supported hashing methods (including cleartext??) or just keep a
cleartext version hidden somewhere.
I think he was referring to 389-ds. IPA migration grabs the raw
userPassword attribute from the remote LDAP server to create the entry
For the hash types that 389-ds supports look for passwordStorageScheme in
Freeipa-users mailing list