On Thu, 2015-02-12 at 07:38 -0800, Michael Lasevich wrote:
> Thank you, this is very helpful. I forgot about 'super admin', which is why
> I was not even seeing the values before. :-)
> How are the the values encrypted (or hashed?)
> It sounds like the password is stored in two fields(I am leaving samba out
> for now) - userpassword andkerberos principle key.
> Is userpassword a hash?
> Of so, what kind?
Configurable, by default salted sha256 IIRC.
> KerberosPrincipleKey you mention is encrypted with
> Kerberos master key - is the plaintext of password encrypted or is it a
> hash that is encrypted?
All keys are hashes, they are stored into a asn.1 encoded structure that
is then encrypted with the master key.
> What encryption and or hashing used for that?
It depends on the supported keys.
Simo Sorce * Red Hat, Inc * New York
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project