Platform is a fully-updated CentOS 7 instance. I have installed
ipa-server-4.6.8-5.el7.centos.9.x86_64 and all the dependent packages.
The RedHat documentation tells you to use a script that sets all passwords to the same
fixed string, however, I would like to use the hashed passwords from my NIS instance. The
NIS server passwrod policy is set to "sha512".
I have set:
ipa config-mod --enable-migration=true
It appears that the RedHat build does not allow encrypted passwords with "ipa
user-mod", but I am trying to set the password with "ipa user-add".
However, whenever I do this, attempting to test the login results in:
kinit: Pre-authentication failed: Invalid argument while getting initial credentials
ipa user-add blahblah --first=NIS --last=USER --setattr
'userpassword={sha512}$6$WZktVggI$Rsmo.M31dUfgalp5e39a47FwjfdM5UA9UT1dwvKjrLJZVjh7SxG0g2SuDYOZmFM9mdGeTIz8KZpZukKouNQR1/'
--uid=4444 --gid=444 --gecos='Blah' --homedir=/home/blah --shell=/bin/bash
---------------------
Added user "blahblah"
---------------------
User login: blahblah
First name: NIS
Last name: USER
Full name: NIS USER
Display name: NIS USER
Initials: NU
Home directory: /home/blah
GECOS: Blah
Login shell: /bin/bash
Principal name: blahblah(a)SJ.BPS
Principal alias: blahblah(a)SJ.BPS
Email address: blahblah(a)sj.bps
UID: 4444
GID: 444
Password: True
Member of groups: ipausers
Kerberos keys available: False
[root@ipa1 ~]# kinit blahblah
kinit: Pre-authentication failed: Invalid argument while getting initial credentials
It doesn't seem to matter what I specify for "{crypt}": md5 or sha512, I get
the same message.
Show replies by date