For our setup on RHEL8.1, the password hashing algorithm needs to be changed:
1. Run ipa-server-install with -a and -p options. 2. Use ldapmodify to change passwordStorageScheme. Now, the "admin" user's password needs to be rehashed with the new algorithm. What is the proper procedure to do this? Constraints: - Rehashing needs to be done from Ansible running shell commands or with ansible-freeipa. Using the GUI is no topion. - The default server installation has some restrictions: a) When changing the password the normal way, it is not updated in the database if it doesn't change. b) The minimum password lifetime prevents that the password is changed twice quickly. - We want to keep the LDAP and the Ipa passwords identical. Ciao Dominik ^_^ ^_^ -- Dominik Vogt _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure