On 4/16/19 10:14 PM, Rob Crittenden wrote:
It isn't a huge deal to change the DM password but in practice
you'd
want to do it on all masters (not replicated) so while not the end of
the world it can be at best annoying.
We'll only have a single master, so that doesn't sound too bad.
Though with root DM can be reset so with having a crappy root
password
in effect it doesn't matter what DM is (e.g. someone could already have
the keys to the Kingdom).
Right. I'm hoping to tighten up the root/admin password situation, but
that will have to wait until I can get some consensus from the remainder
of my team. Changing those passwords is a known, straightforward
process, though.
In contrast, a fair bit of Googling leaves me unsure what the DM
password change procedure even is for IPA 4.6.
I'd set both to something(s) you can remember. When you need it
the last
thing you'll want to do is run around resetting it.
My experience is that the Directory Manager password is used very
infrequently, so the odds of remembering it (if it is different than the
admin password) are very low.
--
========================================================================
Ian Pilcher arequipeno(a)gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================