Re: [Freeipa-users] import debian (salted SHA-512) password
On 10/13/2015 02:35 AM, Simo Sorce wrote:
> On 11/10/15 21:39, Benjamin Reed wrote:
>> On 10/11/15 12:59 PM, Benjamin Reed wrote:
>>> ...but I'm not sure exactly what format to use to import a
>>> "$6$salt$hash" style password from an existing debian system.
>>
>> Just a note for future folks trying to do this, I was able to do it by
>> enabling adding users with {CRYPT}:
>>
>> ipa config-mod --enable-migration=1
>> ipa user-add \
>> --first=John --last=Doe \
>> --setattr userPassword='{CRYPT}$6$salt$hash' john_doe
>>
>> Now I just need them to ssh in once to initialize kerberos passwords, right?
>
> That's all you need if you are inm migration mode and the server they log in
> is
> configured with SSSD.
>
> Simo.
... or use the Web service:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/Migrating_from_a_Directory_Server_to_IPA.html#webpage-pwd-migr
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] import debian (salted SHA-512) password
On 11/10/15 21:39, Benjamin Reed wrote:
On 10/11/15 12:59 PM, Benjamin Reed wrote:
...but I'm not sure exactly what format to use to import a
"$6$salt$hash" style password from an existing debian system.
Just a note for future folks trying to do this, I was able to do it by
enabling adding users with {CRYPT}:
ipa config-mod --enable-migration=1
ipa user-add \
--first=John --last=Doe \
--setattr userPassword='{CRYPT}$6$salt$hash' john_doe
Now I just need them to ssh in once to initialize kerberos passwords, right?
That's all you need if you are inm migration mode and the server they
log in is configured with SSSD.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
[Freeipa-users] import debian (salted SHA-512) password
Is there a way for me to import existing SHA-512 passwords into
FreeIPA? I've found this old post that implies I could set the password
to {ALG}PASS:
https://www.redhat.com/archives/freeipa-users/2013-April/msg00028.html
...but I'm not sure exactly what format to use to import a
"$6$salt$hash" style password from an existing debian system.
Any ideas?
--
Benjamin Reed
The OpenNMS Group
http://www.opennms.org/
signature.asc
Description: OpenPGP digital signature
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] import debian (salted SHA-512) password
On 10/11/15 12:59 PM, Benjamin Reed wrote:
> ...but I'm not sure exactly what format to use to import a
> "$6$salt$hash" style password from an existing debian system.
Just a note for future folks trying to do this, I was able to do it by
enabling adding users with {CRYPT}:
ipa config-mod --enable-migration=1
ipa user-add \
--first=John --last=Doe \
--setattr userPassword='{CRYPT}$6$salt$hash' john_doe
Now I just need them to ssh in once to initialize kerberos passwords, right?
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
