Dominik Vogt via FreeIPA-users wrote:
For our setup on RHEL8.1, the password hashing algorithm needs to
be changed:
1. Run ipa-server-install with -a and -p options.
2. Use ldapmodify to change passwordStorageScheme.
Now, the "admin" user's password needs to be rehashed with the new
algorithm. What is the proper procedure to do this?
You can pass in an ldif to update the params during installation. You
can try that.
# ipa-server-install --dirsrv-config-file params.ldif
with params.ldif:
~~~
dn: cn=config
changetype: modify
replace: someattribute
someattribute: somevalue
~~~
So you won't need to re-hash the password at all.
Constraints:
- Rehashing needs to be done from Ansible running shell commands
or with ansible-freeipa. Using the GUI is no option.
- The default server installation has some restrictions:
a) When changing the password the normal way, it is not updated
in the database if it doesn't change.
I don't know what this means.
b) The minimum password lifetime prevents that the password is
changed twice quickly.
Yeah, no working around that.
- We want to keep the LDAP and the IPA passwords identical.
Ciao
Dominik ^_^ ^_^
--
Dominik Vogt
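
A check for the situation raised in the question, where passwordStorageScheme is changed after installation and a stored hash may still carry the old scheme: the script below reads `ldapsearch -LLL`-style LDIF and lists entries whose userPassword value is not stored with the wanted scheme. It is an added example, not part of the original thread or of FreeIPA; the target scheme name `PBKDF2_SHA256`, the function names and the sample entries are assumptions constructed for illustration.

```python
import base64
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}")

def _value(line):
    """Return an LDIF attribute value, decoding the base64 'attr:: value' form."""
    _, _, rest = line.partition(":")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return rest.strip()

def password_schemes(ldif):
    """Map each entry DN to the storage schemes of its userPassword values."""
    schemes, dn = {}, None
    # Unfold first: an LDIF continuation line starts with a single space.
    for line in re.sub(r"\r?\n ", "", ldif).splitlines():
        key = line.lower()
        if not line.strip():
            dn = None                      # blank line ends the entry
        elif key.startswith("dn:"):
            dn = _value(line)
            schemes[dn] = []
        elif dn and key.startswith("userpassword:"):
            m = SCHEME_RE.match(_value(line))
            schemes[dn].append(m.group(1).upper() if m else "NO-SCHEME-PREFIX")
    return schemes

def stale_entries(ldif, wanted):
    """DNs holding at least one password hash not stored with `wanted`."""
    return sorted(dn for dn, found in password_schemes(ldif).items()
                  if any(s != wanted.upper() for s in found))

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample (not real hashes), shaped like `ldapsearch -LLL` output.
ADMIN_DN = "uid=admin,cn=users,cn=accounts,dc=example,dc=test"
ALICE_DN = "uid=alice,cn=users,cn=accounts,dc=example,dc=test"
_long = _b64("{PBKDF2_SHA256}" + "B" * 60)
SAMPLE = (
    "dn: " + ADMIN_DN + "\n"
    "userPassword:: " + _b64("{SSHA}" + "A" * 40) + "\n"
    "\n"
    "dn: " + ALICE_DN + "\n"
    "userPassword:: " + _long[:40] + "\n " + _long[40:] + "\n"
)

if __name__ == "__main__":
    for dn in stale_entries(SAMPLE, "PBKDF2_SHA256"):
        print("still on old scheme:", dn)
```
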