Nordgren, Bryce L -FS wrote:
You can bring over password hashes for LDAP, but not Kerberos...provided your 389-ds is
new enough to have a recently added configuration switch. If your system is in
"migration mode", then authenticating via LDAP creates Kerberos hashes
transparently.
If you're running 4.0.x, see here for some details:
https://fedorahosted.org/freeipa/ticket/4450
In his case the user's already exist so they'll be skipped over if you
re-migrate.
We sort of rely on the behavior of LDAP/389-ds when migrating users and
passwords: on an add the password policy is not examined. Other than
that it is difficult to insert a pre-hashed password, even in migration
mode.
You may be able to do it as Directory Manager. That's where I'd start
anyway.
rob
Bryce
-----Original Message-----
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
boun...@redhat.com] On Behalf Of Kat
Sent: Sunday, September 14, 2014 3:34 PM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] migrting just pws?
Trying to figure out a way to migrate just the user PWs - since all the users
were created with a script in the new layout, but I want to bring over their
old PWs, hashed of course, to the new IPA server.
Just thought I would check to see if anyone has tried to do that before?
~k
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
This electronic message contains information generated by the USDA solely for
the intended recipients. Any unauthorized interception of this message or the
use or disclosure of the information it contains may violate the law and
subject the violator to civil or criminal penalties. If you believe you have
received this message in error, please notify the sender and delete the email
immediately.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project