On Mon, Jun 16, 2014 at 12:28:09AM -0400, Dmitri Pal wrote: > On 06/16/2014 12:20 AM, [email protected] wrote: > >dear all: > > > >Is it possible to quiry freeipa 's account password and displan in plain > >txt ? > > > >or convert krbExtraData to plaintxt. rather than reset it. > > > >Regards > > > >barry > > > > > > > > > >_______________________________________________ > >Freeipa-users mailing list > >[email protected] > >https://www.redhat.com/mailman/listinfo/freeipa-users > > No. IPA passwords are not reversible by design. > In general it is a very bad security practice to make password reversible. > Password reset is the way to go.
Additionally krbExtraData does not contain the password only data needed by the kdc which does not have a specific LDAP attribute. iirc the data in krbExtraData is mostly ASN.1 coded. bye, Sumit > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IdM portfolio > Red Hat, Inc. > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
