Ok, after a few awkward questions from an auditor, I am starting to face the uncomfortable truth that my understanding about how FreeIPA works is a lot fuzzier than I would like.
Specifically, the question I could not answer - where are the passwords stored and how are they encrypted? My understanding is that all authentication is handled by Kerberos server, which stores its data in LDAP - but where and how is a bit of a mystery to me. Any way to dump out the password hashes? Thanks, -M
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project