Re: [Freeipa-users] convert krbExtraData password to plain text
On Mon, 2014-06-16 at 12:20 +0800, barry...@gmail.com wrote:
> dear all:
>
> Is it possible to query freeipa's account password and display in plain
> text?
>
> or convert krbExtraData to plain text, rather than reset it.

FWIW, krbExtraData does not contain passwords.

Simo.

--
Simo Sorce * Red Hat, Inc * New York

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] convert krbExtraData password to plain text
On Mon, Jun 16, 2014 at 12:28:09AM -0400, Dmitri Pal wrote:
> On 06/16/2014 12:20 AM, barry...@gmail.com wrote:
> >dear all:
> >
> >Is it possible to query freeipa's account password and display in plain
> >text?
> >
> >or convert krbExtraData to plain text, rather than reset it.
> >
> >Regards
> >
> >barry
>
> No. IPA passwords are not reversible by design.
> In general it is a very bad security practice to make passwords reversible.
> Password reset is the way to go.

Additionally, krbExtraData does not contain the password, only data needed by the KDC which does not have a specific LDAP attribute. IIRC the data in krbExtraData is mostly ASN.1 coded.

bye,
Sumit

> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
Re: [Freeipa-users] convert krbExtraData password to plain text
On 06/16/2014 12:20 AM, barry...@gmail.com wrote:
> dear all:
>
> Is it possible to query freeipa's account password and display in plain
> text?
>
> or convert krbExtraData to plain text, rather than reset it.
>
> Regards
>
> barry

No. IPA passwords are not reversible by design.
In general it is a very bad security practice to make passwords reversible.
Password reset is the way to go.

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.