On Mon, Jun 16, 2014 at 12:28:09AM -0400, Dmitri Pal wrote:
> On 06/16/2014 12:20 AM, barry...@gmail.com wrote:
> >dear all:
> >
> >Is it possible to quiry freeipa 's account password and displan in plain
> >txt ?
> >
> >or convert krbExtraData to plaintxt. rather than reset it.
> >
> >Regards
> >
> >barry
> >
> >
> >
> >
> >_______________________________________________
> >Freeipa-users mailing list
> >Freeipa-users@redhat.com
> >https://www.redhat.com/mailman/listinfo/freeipa-users
> 
> No. IPA passwords are not reversible by design.
> In general it is a very bad security practice to make password reversible.
> Password reset is the way to go.

Additionally krbExtraData does not contain the password only data needed
by the kdc which does not have a specific LDAP attribute. iirc the data
in krbExtraData is mostly ASN.1 coded.

bye,
Sumit

> 
> -- 
> Thank you,
> Dmitri Pal
> 
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
> 

> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to