Re: [Freeipa-users] Bypass pre-hashed passwords verification

2016-07-25 Thread Rob Crittenden
Sébastien Julliot wrote: Looks like I spoke too fast. Using ldappasswd, no problems with ldap queries. But kinit rejects my password .. That is expected. You changed to a pre-hashed password (potentially) so how can IPA generate Kerberos credentials? I think ldappasswd working is a bug. IP

Re: [Freeipa-users] Bypass pre-hashed passwords verification

2016-07-25 Thread Petr Spacek
On 25.7.2016 14:00, Sébastien Julliot wrote: > Looks like I spoke too fast. Using ldappasswd, no problems with ldap > queries. > > But kinit rejects my password .. AFAIK this works only for LDAP ADD operation. Rob, do you remember? Petr^2 Spacek > Le 25/07/2016 à 11:58, Sébastien Julliot a écri

Re: [Freeipa-users] Bypass pre-hashed passwords verification

2016-07-25 Thread Sébastien Julliot
Looks like I spoke too fast. Using ldappasswd, no problems with ldap queries. But kinit rejects my password .. Le 25/07/2016 à 11:58, Sébastien Julliot a écrit : > Hello Rob, > > The indicated method was unsuccessful, but I found another way to do it :) > > Here is a summary of my unsuccessful t

Re: [Freeipa-users] Bypass pre-hashed passwords verification

2016-07-25 Thread Sébastien Julliot
Hello Rob, The indicated method was unsuccessful, but I found another way to do it :) Here is a summary of my unsuccessful tests : ➜ ~ ipa user-add testuser --first=test --last=user --setattr userpassword='{MD5}8UBIfmQu5CpHAAniVJWPrQ==' --- Utilisateur « testuser »

Re: [Freeipa-users] Bypass pre-hashed passwords verification

2016-07-22 Thread Rob Crittenden
Sébastien Julliot wrote: Hi Petr, Thanks for the documentations. I already had followed the steps from the NIS migration page, it works, but does not solve my problem, which is to change *already existing users* passwords. When trying ipa user-mod testuser --setattr userpassword='{MD5}G3TITOe

Re: [Freeipa-users] Bypass pre-hashed passwords verification

2016-07-22 Thread Sébastien Julliot
Hi Petr, Thanks for the documentations. I already had followed the steps from the NIS migration page, it works, but does not solve my problem, which is to change *already existing users* passwords. When trying ipa user-mod testuser --setattr userpassword='{MD5}G3TITOeG1vuPf/IJyhw8WA==' I get "

Re: [Freeipa-users] Bypass pre-hashed passwords verification

2016-07-22 Thread Petr Vobornik
On 07/22/2016 11:42 AM, Sébastien Julliot wrote: > Hello everyone, > > I am currently trying to deploy FreeIPA as the new idm system in my > university but came across a problem I could not solve yet. I need to > bypass the pre-hashed passwords verification, not only on the user creation. > > Due

[Freeipa-users] Bypass pre-hashed passwords verification

2016-07-22 Thread Sébastien Julliot
Hello everyone, I am currently trying to deploy FreeIPA as the new idm system in my university but came across a problem I could not solve yet. I need to bypass the pre-hashed passwords verification, not only on the user creation. Due to several constraints, our workflow involves periodically (on