Hi there, I'm hoping someone can help me find the password history entries for a particular user.
The policy is set up to store 10 passwords. Changing the password confirms that the history works properly.

From what I've found online I was led to believe that the history entries are stored in krbPwdHistory and that I should be able to access those entries as 'Directory Manager' without restrictions.
https://www.redhat.com/archives/freeipa-users/2013-July/msg00166.html

However, this attribute doesn't show up. Searching the database I found the appropriate entry in the policy (krbPwdHistoryLength) for how many passwords are stored, but not the password history attribute itself.

I've been searching the database for a specific user like this:

  ldapsearch -x -D 'cn=Directory Manager' -W -b 'uid=frink,cn=users,cn=accounts,dc=example,dc=com'

and also searched the whole domain (default base):

  ldapsearch -x -D 'cn=Directory Manager' -W

I've also compared the output of the whole domain prior to and after changing a user's password. The attributes that changed did not include an obvious history element (unless there is some kind of magic involved).

Some more details about the setup: ipa-server-4.4.0-14.el7.centos.6.x86_64, obviously running on CentOS 7.

I would highly appreciate any pointers as to where I could find the history of password hashes!

Thanks!
Richard

--
/dev/null
--
Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project