Bliss, Aaron wrote: > I'm a little confused here; what is the purpose of the passsync service > (I've successfully created a replication agreement over ssl via fds and > ad). Thanks again. > The PassSync service is only responsible for sending password changes initiated on the AD side to FDS. Any password that is changed on the FDS side will be sent to AD over the synchronization agreement along with other user & group changes. The synchronization agreement will also pull changes that happened on the AD side over to FDS. The problem is that AD hashes the password differently than FDS does, so FDS needs access to the clear-text password. The only way for this to happen when a password change is initiated on the AD side is to have a password plug-in installed on the domain controller to get a copy of the clear-text password. This is exactly what the PassSync service does. It installs a plugin (passhook.dll) that receives the clear-text password which passsync.exe sends across to FDS over LDAPS. Hopefully that clears things up. -NGK > Aaron > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20061031/5de60f07/attachment.bin
