On Thu, 2015-02-12 at 07:38 -0800, Michael Lasevich wrote: > Thank you, this is very helpful. I forgot about 'super admin', which is why > I was not even seeing the values before. :-) > > How are the the values encrypted (or hashed?) > > It sounds like the password is stored in two fields(I am leaving samba out > for now) - userpassword andkerberos principle key.
> Is userpassword a hash? Yes. > Of so, what kind? Configurable, by default salted sha256 IIRC. > KerberosPrincipleKey you mention is encrypted with > Kerberos master key - is the plaintext of password encrypted or is it a > hash that is encrypted? All keys are hashes, they are stored into a asn.1 encoded structure that is then encrypted with the master key. > What encryption and or hashing used for that? It depends on the supported keys. Simo. -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project