It's one-way hashed. You don't want to store plaintext passwords anywhere, or even passwords encrypted with a two-way algorithm, because people tend to use the same passwords in multiple places so in addition to comprimising your site, you also hose all your users elsewhere.
Chris On 2013-02-12 20:53, Asmaa Ahmed wrote: > > Hello, > I am having kerberos MIT integrated to LDAP as a backend which is good so > far.The problem that I have some applications doesn't support Kerberos to > restore the user credentials.I wonder if I can decrypt the password from > Kerberos server manually to have it in a plaintext, so I can do some password > sync between Kerberos/ldap server and the application DB!!!My target is > having a script or so to get all the original kerberos principals passwords. > Thanks. > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
