Hi,

Not sure on the details here, so please bear with me.

When passsync is set up, some users can be exempted from the sync. So I have 2 questions, or requests for features maybe.

This feature is good; however, there is nothing within the IPA system that I can see that prevents a user manually setting the same password in IPA as they have in AD. So even if we have a written policy that says you cannot do this, it looks like we cannot check or enforce it. Hence I see this as an audit failure. So what I'm asking is, I guess, is there any way that when a password sync occurs the "hash" of the IPA password and the "hash" the AD password would be converted to gets compared, and a security violation is raised if they match? If not, would this be a useful feature? To me, I think it would be something we'd like for audit purposes.

Secondly, at the moment it looks like I have to add each user via a command line function. Can we get this set up via a user group? That way it's a point and click and it's easily visually auditable.

regards

Steven Jones
Technical Specialist - Linux RHCE
Victoria University ITS,
Level 8 Rankin Brown Building,
Wellington, NZ
6012
0064 4 463 6272