Re: [Freeipa-users] convert krbExtraData password to plain text
On Mon, Jun 16, 2014 at 12:28:09AM -0400, Dmitri Pal wrote: On 06/16/2014 12:20 AM, barry...@gmail.com wrote: dear all: Is it possible to quiry freeipa 's account password and displan in plain txt ? or convert krbExtraData to plaintxt. rather than reset it. Regards barry ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users No. IPA passwords are not reversible by design. In general it is a very bad security practice to make password reversible. Password reset is the way to go. Additionally krbExtraData does not contain the password only data needed by the kdc which does not have a specific LDAP attribute. iirc the data in krbExtraData is mostly ASN.1 coded. bye, Sumit -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] convert krbExtraData password to plain text
On Mon, 2014-06-16 at 12:20 +0800, barry...@gmail.com wrote: dear all: Is it possible to quiry freeipa 's account password and displan in plain txt ? or convert krbExtraData to plaintxt. rather than reset it. FWIW, krbExtraData does not contain passwords. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] convert krbExtraData password to plain text
dear all: Is it possible to quiry freeipa 's account password and displan in plain txt ? or convert krbExtraData to plaintxt. rather than reset it. Regards barry ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] convert krbExtraData password to plain text
On 06/16/2014 12:20 AM, barry...@gmail.com wrote: dear all: Is it possible to quiry freeipa 's account password and displan in plain txt ? or convert krbExtraData to plaintxt. rather than reset it. Regards barry ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users No. IPA passwords are not reversible by design. In general it is a very bad security practice to make password reversible. Password reset is the way to go. -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users