[389-users] In need of Storing Cleartext Password

Uzor Ide ide4you at gmail.com
Fri Oct 29 15:28:25 UTC 2010


Hi

we have a need for 389 directory to store password in clear text, in given
subtree. I have used the console to configure password policy and chose
CLEAR for the encryption scheme under passwordStorageScheme, yet the
passwords are still SSHA encrypted. Is there any other thing that I should
do.

# entry-id: 11
dn: cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: top
objectClass: nsContainer
cn: users

# entry-id: 14
dn: cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: nsContainer
objectClass: top
cn: nsPwPolicyContainer

# entry-id: 15
dn:
cn=cn\3DnsPwPolicyEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Dourcompany\2Cdc\
 3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: ldapsubentry
objectClass: passwordpolicy
objectClass: top
cn: cn=nsPwPolicyEntry,cn=users,cn=subscribers,dc=ourcompany,dc=com
passwordMustChange: off
passwordExp: off
passwordHistory: on
passwordMinAge: 0
passwordChange: off
passwordStorageScheme: clear
passwordInHistory: 3
passwordLockout: on
passwordLockoutDuration: 21600
passwordResetFailureCount: 1800
passwordUnlock: on
passwordMaxFailure: 3

# entry-id: 16
dn:
cn=cn\3DnsPwTemplateEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Dourcompany\2Cd
 c\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: extensibleObject
objectClass: costemplate
objectClass: ldapsubentry
objectClass: top
cosPriority: 1
pwdpolicysubentry:
cn=cn\3DnsPwPolicyEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3
 Dourcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany
 ,dc=com
cn: cn=nsPwTemplateEntry,cn=users,cn=subscribers,dc=ourcompany,dc=com

# entry-id: 17
dn: cn=nsPwPolicy_CoS,cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: ldapsubentry
objectClass: cosSuperDefinition
objectClass: cosPointerDefinition
objectClass: top
costemplatedn:
cn=cn\3DnsPwTemplateEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Do
 urcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,d
 c=com
cosAttribute: pwdpolicysubentry default operational-default
cn: nsPwPolicy_CoS

# entry-id: 18
dn: uid=testuser,cn=users,cn=subscribers,dc=ourcompany,dc=com
givenName: U-da-man
uidNumber: 501
gidNumber: 501
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: account
objectClass: radiusprofile
uid: testuser
userPassword: {SSHA}HBk8h1pkgsUocxUgPF+HNeuHF1LgYaI99co6Aw==
radiusFramedMTU: 1400
radiusGroupName: local
radiusHuntgroupName: vpn.ourcompany.com
radiusRealm: vpn.ourcompany.com
radiusServiceType: Framed-User
radiusFilterId: std.ppp
passwordGraceUserTime: 0
dialupAccess: yes

There is also an attribute pwdpolicysubentry:
cn=cn\3DnsPwPolicyEntry\2Ccn\3Dusers\2Ccn\3Daccounts\2Cdc\3Dourcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=accounts,dc=ourcompany,dc=com

that shows up in the testuser's profile from the console that does not show
up in the ldif dump.

Please help I have followed the documentation Redhat directory 8.2

thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20101029/96dcd58f/attachment.html>


More information about the 389-users mailing list