Hi.
Is there any way to sync FDS crypt passwords with Active Directory or do they have to be encrypted with SSHA ?
Jon
Unfortunately, the Microsoft AD password hash isn't a supported password hash in FDS (or any other directory server, except AD of course). I think this is because Microsoft's hash is proprietary. This means neither SSHA or crypt can directly be synced with AD. To sync passwords, you have to use something that can catch the password while it's in clear text (i.e., when the user changes it). There is a Fedora "Winsync" package which I believe can help with this.
Jón Björn Njálsson wrote:
Hi.
Is there any way to sync FDS crypt passwords with Active Directory or do they have to be encrypted with SSHA ?
Jon
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Jón Björn Njálsson wrote:
Is there any way to sync FDS crypt passwords with Active Directory or do they have to be encrypted with SSHA ?
Winsync doesn't care what hash type you use. It hooks the plaintext password (on both ends) and sends that (via an SSL protected session, of course).
389-users@lists.fedoraproject.org
-
David Boreham -
George Holbert -
Jón Björn Njálsson