Re: unhashed#user#password field

Mark Reynolds <mareynol@xxxxxxxxxx> · Mon, 21 May 2012 10:56:13 -0400



    Also see:  https://fedorahosted.org/389/ticket/365
    

    This is will be included in a future release.

    
    Mark

    
    On 05/18/2012 02:13 PM, Alberto Viana wrote:
    I have a 389 DS server replication agreement whith an
      AD Server and when I change the password in the windows side it
      replicates into 389 but via 389 console I can see this field
      "unhashed#user#password" in clear text.
      
        
      How can I encrypt this field? Is it possible?
      

      I tried the following configuration:
      

      Source: http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Configuring_Directory_Databases-Creating_and_Maintaining_Databases.html#Creating_and_Maintaining_Databases-Database_Encryption
      

          dn: cn=unhashed#user#password,cn=encrypted
            attributes,cn=userRoot,cn=ldbm data
          base,cn=plugins,cn=config
          objectClass: top
          objectClass: nsAttributeEncryption
          cn: unhashed#user#password
          nsEncryptionAlgorithm: AES
          

          If
              I restart my server the field is gone.
          
          
          The fact is that I need to avoid my admin to see the
            user´s password. 
        
      
      --
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
    
  
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users