Re: [Freeipa-users] MD5 passwords in NIS
On Thu, 2011-12-29 at 13:13 -0500, Boris Epstein wrote: On Wed, Dec 28, 2011 at 10:18 PM, Simo Sorce s...@redhat.com wrote: On Wed, 2011-12-28 at 11:11 -0500, Boris Epstein wrote: Hello listmates, Apparently, in order to authenticate a Mac OS X Lion client to NIS one needs passwords encrypted in MD5 hash shown in the passwd and passwd.byname maps. FreeIPA at this point only shows a *. Is there a way to change that? No, we decided that one of the rules with FreeIPA was to never expose hashes to clients. Same reason why we do not export a shadow map for example. With Mac OS X you should be better off using just LDAP auth. Simo, thanks! Is there a decent manual on how to link up Mac OS X (specifically, V10.7, Lion) to a FreeIPA server as an LDAP client? I tried that - and just seem to be getting nowhere as the Mac wouldn't even give me an error message (or perhaps it is my fault for not knowing where to look but I am just lost there). Unfortunately I am not very well versed in Mac-ism, but we have an old page in our docs, and although it states it is valid only for freeipa v1 I see that it has links to some configuration guide for ldap: http://www.freeipa.org/page/ConfiguringMACOSXTigerClient This other page seem to apply only to 10.4 instead: http://www.freeipa.org/page/ConfiguringMacintoshClients HTH, Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] MD5 passwords in NIS
On Wed, Dec 28, 2011 at 10:18 PM, Simo Sorce s...@redhat.com wrote: On Wed, 2011-12-28 at 11:11 -0500, Boris Epstein wrote: Hello listmates, Apparently, in order to authenticate a Mac OS X Lion client to NIS one needs passwords encrypted in MD5 hash shown in the passwd and passwd.byname maps. FreeIPA at this point only shows a *. Is there a way to change that? No, we decided that one of the rules with FreeIPA was to never expose hashes to clients. Same reason why we do not export a shadow map for example. With Mac OS X you should be better off using just LDAP auth. Simo, thanks! Is there a decent manual on how to link up Mac OS X (specifically, V10.7, Lion) to a FreeIPA server as an LDAP client? I tried that - and just seem to be getting nowhere as the Mac wouldn't even give me an error message (or perhaps it is my fault for not knowing where to look but I am just lost there). Boris. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] MD5 passwords in NIS
On Wed, 2011-12-28 at 11:11 -0500, Boris Epstein wrote: Hello listmates, Apparently, in order to authenticate a Mac OS X Lion client to NIS one needs passwords encrypted in MD5 hash shown in the passwd and passwd.byname maps. FreeIPA at this point only shows a *. Is there a way to change that? No, we decided that one of the rules with FreeIPA was to never expose hashes to clients. Same reason why we do not export a shadow map for example. With Mac OS X you should be better off using just LDAP auth. Thanks and Happy New Year! Same! Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
