Re: issues with password encryption changes after upgrade

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Mark thank you for reply ,

we are running Cent OS 7  with

389-DS 1.3.7.5-24.el7

and getting the following : passwordStorageScheme: SSHA512
should we change the ldap passwd encrytion  to: PBKDF2_SHA256  than for 'safety ' reason ?


The grief is caused : we have two  systems  each with own  ldap version,  one old ldap(1.3.5 fc24)  using SSHA  and this new  ldap ver using SSHA512 some of users from this one need to be added  manually to old ldap and passwd encryption conversion seems to be a issue, I  do not have knowledge how  to translate for individual users their encrypted  passwd from SSHA512 to SSHA ?

 



From: Ghiurea, Isabella
Sent: Wednesday, October 31, 2018 11:01 AM
To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Re: issues with password encryption changes after upgrade
 

here are more details from DS cfg


 *389-DS   1.3.5.15 fc 24


dn: cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionConfig
cn: encryption
nsSSLSessionTimeout: 0
nsSSLClientAuth: allowed
sslVersionMin: TLS1.1
nsSSL3Ciphers: default
allowWeakCipher: off
nsKeyfile: alias/slapd-xxxx-key3.db
nsCertfile: alias/slapd-xxxx-cert8.d
numSubordinates: 1



*and   389-DS 1.3.7.5-24.el7


dn: cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionConfig
cn: encryption
nsSSLSessionTimeout: 0
nsSSLClientAuth: allowed
sslVersionMin: SSL3.0
nsSSL3Ciphers: default
allowWeakCipher: off
nsKeyfile: alias/slapd-xxx-key3.db
nsCertfile: alias/slapd-xxx-cert8.db
CACertExtractFile: /etc/dirsrv/slapd-ldap/xxxxxxxx. pem
modifiersName: cn=server,cn=plugins,cn=config
modifyTimestamp: 20180801192432Z
numSubordinates: 1


From: Ghiurea, Isabella
Sent: Wednesday, October 31, 2018 10:25 AM
To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
Subject: issues with password encryption changes after upgrade
 

Hi list,

we upgrade from1.3.5.15-1.fc24, to  1.3.7.5-24.el7  , this a multi master replication environment  we are seeing the paswd encryption for new users in new  389-DS  has been changed and is causing some grief , both version have the start of passwd same string :'e1NTSE"  , BUT  the latest  389-DS e has one additional new line . Is there anything we can do to have same encryption pattern ?



Thank you

_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux