My first time posting. I didn't realize I needed to reply-all to include
the group. Oops!

---------- Forwarded message ----------
From: Joanna Delaporte <>
Date: Thu, Jun 30, 2016 at 10:21 AM
Subject: Re: [Freeipa-users] How to migrate users with md5 and sha512
To: Rob Crittenden <>

Hi Rob,

Thanks for the clarification on the migration being able to handle standard
crypt passwords of the standard hash types. I seem to have one user that
worked and one that didn't. I'm migrating about 4000 users, but I only have
two users' passwords to test. The password that hasn't worked is about 20
chars long in cleartext. Do you know if there is a character length limit
for the passwords?

Today I'll be deleting and re-adding those two users a few times while I
try to figure out what I am missing. What is the best way to make sure the
client has an updated password accessible to sssd? I looked through the
RHEL 7 Domain Identity, Auth, and Policy Guide and didn't find a
recommended procedure for refreshing sssd cache. Should I restart the sssd
service on the IPA client when I delete/readd a user with a crypt password?

I do have sshd set with ChallengeResponseAuthentication yes.


On Thu, Jun 30, 2016 at 8:16 AM, Rob Crittenden <> wrote:

> Joanna Delaporte wrote:
>> I am migrating an NIS domain to IPA. I have attempted to follow the
>> instructions
>> <>
>> for
>> NIS account crypted password migration, but I haven't yet successfully
>> used password authentication to log in to remote machines.
>> The instructions expect I would migrate DES-encrypted passwords, but I
>> have a mixture of md5 and sha512-encrypted passwords. Do I need to
>> follow a different process, or am I chasing the wrong problem?
>> This is my first IPA realm.
> If you have crypt-compatible passwords ($6$<huge string>) then just pass
> it in as {crypt}$6$... and it should work fine.
> You can ONLY set a pre-hashed password in migration mode AND when adding
> the user. You can't add the user then set a hashed password.
> rob


Joanna Delaporte
Linux Systems Administrator | Parkland College


Joanna Delaporte
Linux Systems Administrator | Parkland College
Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to