[Fedora-directory-users] cleartext password
David Boreham
david_list at boreham.org
Fri May 5 13:07:24 UTC 2006
Mikael Kermorgant wrote:
> Is there be a way to store a "clear version" of the passwords in an
> external storage (sql db, text file...) while turning on encryption
> on the directory server ?
Yes there is. It might be useful to know more about what you are
trying to achieve, because there are a few ways to skin this cat.
But to start, there is a magic attribute added to the entry during
processing
inside the server that holds the un-hashed password value (for
operations that modify or add the password attribute). This is used
for example to propagate cleartext password values in replication
and for Windows sync. You can pick up that attribute in a plugin
and salt it away somewhere.
More information about the 389-users
mailing list