On Wed, Aug 04, 2021 at 04:30:56PM -0400, Rob Crittenden via FreeIPA-users wrote:
Dominik Vogt via FreeIPA-users wrote:
> For our setup on RHEL8.1, the password hashing algorithm needs to
> be changed:
>
> 1. Run ipa-server-install with -a and -p options.
> 2. Use ldapmodify to change passwordStorageScheme.
>
> Now, the "admin" user's password needs to be rehashed with the new
> algorithm. What is the proper procedure to do this?
You can pass in an ldif to update the params during installation. You
can try that.
# ipa-server-install --dirsrv-config-file params.ldif
with params.ldif:
~~~
dn: cn=config
changetype: modify
replace: someattribute
someattribute: somevalue
~~~
So you won't need to re-hash the password at all.
Thanks, that sounds like the solution we need.
> a) When changing the password the normal way, it is not updated
> in the database if it doesn't change.
I don't know what this means.
When you try to change the password and then enter the old
password again as the new one, this is a noop. The password hash
is not updated. I've tried that. Anyway, with the above
solution, that's irrelevant.
Ciao
Dominik ^_^ ^_^
--
Dominik Vogt
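
Added example, not part of the thread and not FreeIPA or 389-DS code: a check over an LDIF export that lists entries whose userPassword is still stored under a scheme other than the one now set in passwordStorageScheme, which is the state the admin entry is left in when the scheme is changed after installation. The DNs, scheme names and hash bodies in the sample are constructed, and the function names are hypothetical.

```python
import base64

def parse_ldif(text):
    """Yield (dn, attrs) per entry; handles folded lines and base64 ('::') values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # a leading space continues the previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:                  # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in entry:
                yield entry["dn"][0], entry
            entry = {}
        elif not line.startswith("#"):
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):           # 'attr:: <base64>'
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry.setdefault(attr.lower(), []).append(value)

def scheme_of(stored):
    """Return the {SCHEME} prefix of a stored password value, or None if absent."""
    if stored.startswith("{") and "}" in stored:
        return stored[1:stored.index("}")].upper()
    return None

def stale_entries(ldif_text, wanted):
    """List (dn, scheme) for userPassword values not stored under `wanted`."""
    return [(dn, scheme_of(v))
            for dn, attrs in parse_ldif(ldif_text)
            for v in attrs.get("userpassword", [])
            if scheme_of(v) != wanted.upper()]

# Constructed sample export: DNs, scheme choice and hash bodies are made up.
_old = base64.b64encode(b"{SSHA512}constructed-placeholder-not-a-hash").decode()
SAMPLE = (
    "dn: uid=admin,cn=users,cn=accounts,dc=example,dc=test\n"
    "uid: admin\n"
    f"userPassword:: {_old[:24]}\n {_old[24:]}\n"   # folded base64 value
    "\n"
    "dn: uid=alice,cn=users,cn=accounts,dc=example,dc=test\n"
    "userPassword: {PBKDF2_SHA256}constructed-placeholder\n"
)

if __name__ == "__main__":
    for dn, scheme in stale_entries(SAMPLE, "PBKDF2_SHA256"):
        print(f"{dn}: still stored as {scheme}")
```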