On Wed, 2015-04-01 at 12:33 -0400, Dmitri Pal wrote: > On 04/01/2015 12:29 PM, Andrew Holway wrote: > > > > Yes. But stored in LDAP. > > > > > > Stored in LDAP salted I assume? > > > Yes. As the standard prescribes.
Except for the RC4 keys, but the whole keyset is encrypted with the master key, so the hashes cannot be seen even if you have access to the LDAP attribute. Simo. -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project