Re: Disable unhashed#user#password altogether

Lucas Sweany <lsweany@xxxxxxxxxx> · Tue, 22 May 2012 15:09:47 -0700

I am syncing from an AD domain one way (onewaysync: fromWindows), and using the Password Sync service on the domain controllers. Perhaps the Password Sync service requires the attribute?  Even if so, it would be nice if the plain text attribute were to go away once the password hash was stored.

-Lucas

On Tue, May 22, 2012 at 2:54 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:

    On 05/22/2012 03:32 PM, Lucas Sweany wrote:
    Is there a way to prevent the unhashed#user#password
      attribute from being stored or used at all? I don't need it to be
      replicated anywhere--I presume that the hashed password will be
      enough to authenticate users.

    Unless you need to use Windows Sync, yes.  If you plan to use
    Windows Sync you'll have to replicate the unhashed#user#password to
    the server that has the windows sync agreement.

      Thanks,

      -Lucas

      --
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users