For our setup on RHEL8.1, the password hashing algorithm needs to
be changed:
1. Run ipa-server-install with -a and -p options.
2. Use ldapmodify to change passwordStorageScheme.
Now, the "admin" user's password needs to be rehashed with the new
algorithm. What is the proper procedure to do this?
Constraints:
- Rehashing needs to be done from Ansible running shell commands
or with ansible-freeipa. Using the GUI is no topion.
- The default server installation has some restrictions:
a) When changing the password the normal way, it is not updated
in the database if it doesn't change.
b) The minimum password lifetime prevents that the password is
changed twice quickly.
- We want to keep the LDAP and the Ipa passwords identical.
Ciao
Dominik ^_^ ^_^
--
Dominik Vogt