On 05/22/2012 04:09 PM, Lucas Sweany wrote:
I am syncing from an AD domain one way (onewaysync: fromWindows), and
using the Password Sync service on the domain controllers. Perhaps the
Password Sync service requires the attribute?
No. You only need it if you sync passwords _to_ AD - AD requires the
clear text password.
Even if so, it would be nice if the plain text attribute were to go
away once the password hash was stored.
-Lucas
On Tue, May 22, 2012 at 2:54 PM, Rich Megginson <rmeggins(a)redhat.com
<mailto:rmeggins@redhat.com>> wrote:
On 05/22/2012 03:32 PM, Lucas Sweany wrote:
> Is there a way to prevent the unhashed#user#password attribute
> from being stored or used at all? I don't need it to be
> replicated anywhere--I presume that the hashed password will be
> enough to authenticate users.
Unless you need to use Windows Sync, yes. If you plan to use
Windows Sync you'll have to replicate the unhashed#user#password
to the server that has the windows sync agreement.
>
> Thanks,
>
> -Lucas
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
<mailto:389-users@lists.fedoraproject.org>
>
https://admin.fedoraproject.org/mailman/listinfo/389-users