Re: Importing users from open-ds

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 08/16/2018 10:09 AM, rainer@xxxxxxxxxxxxxxx wrote:

Am 2018-08-16 15:58, schrieb Mark Reynolds:

On 08/16/2018 09:51 AM, rainer@xxxxxxxxxxxxxxx wrote:
How can I switch it to sha512 - and how can I store encrypted passwords with different algorithms? 
You have to reset/change the passwords for them to get rehashed. There
is no way to just convert an existing password as all of these
password hashing algorithms are one way (not reversible).


So, 389-ds can't use the current hashes?
Sorry if I'm not being clear.  389-ds-base supports all the password hashing algorithms that open-ds does.  Everything should work as is.  But there is no way to automatically convert existing password hashes into different hashes, but it's okay because the server supports all the hashes you are using. 


I meant, how can I import the hashes and tell 389-ds the format?

It doesn't work that way,  You have to "change" the password to get it
rehashed to whatever the server is configured to use. Import/exporting
does not do that.
In the current setup, the old sha1 and sha2 passwords can apparently coexist together at the same time. 
Yup that's fine.  The server supports most password hashing algos.

I think you are trying to fix a problem that is NOT a problem. :-)
There is nothing wrong with entries having different password storage
schemes, and the server supports all the schemes you previously
mentioned.  Everything should just work.  Then as passwords get
changed they will get rehashed using the default password storage
scheme that is configured in DS (either SHA512 or PBKDF2).




I'll try to use the ldif2db tool...

https://www.spinics.net/linux/fedora/389-users/msg16789.html

I didn't know this existed.


Thanks for your input so far.




Best Regards
Rainer



_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx/message/VMEKSANI6T4LYYNN73WEUDK3BBBTLQD5/
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux