Hi there,

I'm hoping someone can help me find the password history entries for
a particular user.

The policy is set up to store 10 passwords. Changing the password
confirmS that the history works properly.

From what I've found online I was lead to believe that the history
entries are stored in krbPwdHistory and that I should be able to
access those entries as 'Directory Manager' without restrictions.


However this attribute doesn't show up. Searching the database I
found the appropriate entry in the policy (krbPwdHistoryLength) for
how many passwords are stored but not the password history attribute

I've been searching the database for a specific user like this:
ldapsearch -x -D 'cn=Directory Manager' -W -b

and also searched the whole domain (default base):
ldapsearch -x -D 'cn=Directory Manager' -W

I've also compared the output of the whole domain prior and post to
changing a users password. The attributes that changed did not
include an obvious history element (unless there is some kind of
magic involved).

Some more details about the setup:
ipa-server-4.4.0-14.el7.centos.6.x86_64, obviously running on CentOS 7.

I would highly appreciate any pointers as to where I could find the
history of password hashes!



Attachment: signature.asc
Description: OpenPGP digital signature

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to