On 02/12/2015 09:05 AM, Brad House wrote:
On 02/12/2015 10:48 AM, Simo Sorce wrote:
On Thu, 2015-02-12 at 07:38 -0800, Michael Lasevich wrote:
Thank you, this is very helpful. I forgot about 'super admin', which is why
I was not even seeing the values before. :-)

How are the the values encrypted (or hashed?)

It sounds like the password is stored in two fields(I am leaving samba out
for now) - userpassword andkerberos principle key.

  Is userpassword a hash?

Yes.

Of so, what kind?

Configurable, by default salted sha256 IIRC.

Out of curiousity, where is this configurable?

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/User_Account_Management.html#User_Account_Management-Managing_the_Password_Policy

This is the passwordStorageScheme attribute.
Also, is it using it in
conjunction with something like PBKDF2?

https://fedorahosted.org/389/ticket/397

I'd love to know more info on this
as we might want to increase the defaults ourselves.


Thanks!
-Brad


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to