Hello everyone, As I explained you some time ago, I have been skirting the ipa's limitation to setting pre-hashed passwords by using ldappasswd. (I know you guys think it's wrong. In this case the hashes come from an other ldap which, for intern reasons, we can not synchronize with otherwise than by frequent ldif extractions. So it's the only solution to have unified passwords)
To have the kerberos key generated, I can ask the users to do an ldapsearch or to ssh on a machine with sssd enabled. Yet, as most users will mainly want to use the WebUi, I am looking for a way to have them able to connect to it without needing to do an ldapsearch first. To be precise, I set the userPassword field using ldappasswd, and delete the krbprincipalkey. Do you see any way to make the webui directly authenticable ? Thanks, Sebastien Julliot.
Description: OpenPGP digital signature
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project