On Wed, 2015-04-01 at 12:33 -0400, Dmitri Pal wrote:
> On 04/01/2015 12:29 PM, Andrew Holway wrote:
> >
> >     Yes. But stored in LDAP.
> >
> >
> > Stored in LDAP salted I assume?
> >
> Yes. As the standard prescribes.

Except for the RC4 keys, but the whole keyset is encrypted with the
master key, so the hashes cannot be seen even if you have access to the
LDAP attribute.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to