On Thu, 2015-02-12 at 07:38 -0800, Michael Lasevich wrote:
> Thank you, this is very helpful. I forgot about 'super admin', which is why
> I was not even seeing the values before. :-)
> How are the the values encrypted (or hashed?)
> It sounds like the password is stored in two fields(I am leaving samba out
> for now) - userpassword andkerberos principle key.

>  Is userpassword a hash?


> Of so, what kind?

Configurable, by default salted sha256 IIRC.

>  KerberosPrincipleKey you mention is encrypted with
> Kerberos master key - is the plaintext of password encrypted or is it a
> hash that is encrypted?

All keys are hashes, they are stored into a asn.1 encoded structure that
is then encrypted with the master key.

> What encryption and or hashing used for that?

It depends on the supported keys.


Simo Sorce * Red Hat, Inc * New York

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to