Well I definitely don't need that. It looks like I will end up writing a
script to delete or overwrite the attribute for now.
Thanks,
-Lucas
On Tue, May 22, 2012 at 3:12 PM, Rich Megginson <rmeggins(a)redhat.com> wrote:
On 05/22/2012 04:09 PM, Lucas Sweany wrote:
I am syncing from an AD domain one way (onewaysync: fromWindows), and
using the Password Sync service on the domain controllers. Perhaps the
Password Sync service requires the attribute?
No. You only need it if you sync passwords _to_ AD - AD requires the
clear text password.
Even if so, it would be nice if the plain text attribute were to go away
once the password hash was stored.
-Lucas
On Tue, May 22, 2012 at 2:54 PM, Rich Megginson <rmeggins(a)redhat.com>wrote:
> On 05/22/2012 03:32 PM, Lucas Sweany wrote:
>
> Is there a way to prevent the unhashed#user#password attribute from being
> stored or used at all? I don't need it to be replicated anywhere--I presume
> that the hashed password will be enough to authenticate users.
>
>
> Unless you need to use Windows Sync, yes. If you plan to use Windows
> Sync you'll have to replicate the unhashed#user#password to the server that
> has the windows sync agreement.
>
>
>
> Thanks,
>
> -Lucas
>
>
> --
> 389 users mailing
list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>