[389-users] In need of Storing Cleartext Password

Uzor Ide ide4you at gmail.com
Fri Oct 29 20:28:57 UTC 2010


Thanks Nathan,

I missed that entirely

Ide

2010/10/29 Nathan Kinder <nkinder at redhat.com>

>  On 10/29/2010 08:28 AM, Uzor Ide wrote:
>
>
> Hi,
>
> We have a need for 389 directory to store passwords in clear text in a given
> subtree. I have used the console to configure the password policy and chose
> CLEAR for the encryption scheme under passwordStorageScheme, yet the
> passwords are still SSHA encrypted. Is there any other thing that I should
> do?
>
> You need to check the "Enable fine-grained password policies" checkbox in
> the global password policy section in the Console.
>
>
> # entry-id: 11
> dn: cn=users,cn=subscribers,dc=ourcompany,dc=com
> objectClass: top
> objectClass: nsContainer
> cn: users
>
> # entry-id: 14
> dn: cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
> objectClass: nsContainer
> objectClass: top
> cn: nsPwPolicyContainer
>
> # entry-id: 15
> dn: cn=cn\3DnsPwPolicyEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Dourcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
> objectClass: ldapsubentry
> objectClass: passwordpolicy
> objectClass: top
> cn: cn=nsPwPolicyEntry,cn=users,cn=subscribers,dc=ourcompany,dc=com
> passwordMustChange: off
> passwordExp: off
> passwordHistory: on
> passwordMinAge: 0
> passwordChange: off
> passwordStorageScheme: clear
> passwordInHistory: 3
> passwordLockout: on
> passwordLockoutDuration: 21600
> passwordResetFailureCount: 1800
> passwordUnlock: on
> passwordMaxFailure: 3
>
> # entry-id: 16
> dn: cn=cn\3DnsPwTemplateEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Dourcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
> objectClass: extensibleObject
> objectClass: costemplate
> objectClass: ldapsubentry
> objectClass: top
> cosPriority: 1
> pwdpolicysubentry: cn=cn\3DnsPwPolicyEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Dourcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
> cn: cn=nsPwTemplateEntry,cn=users,cn=subscribers,dc=ourcompany,dc=com
>
> # entry-id: 17
> dn: cn=nsPwPolicy_CoS,cn=users,cn=subscribers,dc=ourcompany,dc=com
> objectClass: ldapsubentry
> objectClass: cosSuperDefinition
> objectClass: cosPointerDefinition
> objectClass: top
> costemplatedn: cn=cn\3DnsPwTemplateEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Dourcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
> cosAttribute: pwdpolicysubentry default operational-default
> cn: nsPwPolicy_CoS
>
> # entry-id: 18
> dn: uid=testuser,cn=users,cn=subscribers,dc=ourcompany,dc=com
> givenName: U-da-man
> uidNumber: 501
> gidNumber: 501
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetorgperson
> objectClass: account
> objectClass: radiusprofile
> uid: testuser
> userPassword: {SSHA}HBk8h1pkgsUocxUgPF+HNeuHF1LgYaI99co6Aw==
> radiusFramedMTU: 1400
> radiusGroupName: local
> radiusHuntgroupName: vpn.ourcompany.com
> radiusRealm: vpn.ourcompany.com
> radiusServiceType: Framed-User
> radiusFilterId: std.ppp
> passwordGraceUserTime: 0
> dialupAccess: yes
>
> There is also an attribute pwdpolicysubentry:
> cn=cn\3DnsPwPolicyEntry\2Ccn\3Dusers\2Ccn\3Daccounts\2Cdc\3Dourcompany\2Cdc\3Dcom,cn=nsPwPolicyContainer,cn=users,cn=accounts,dc=ourcompany,dc=com
>
> that shows up in the testuser's profile from the console that does not show
> up in the ldif dump.
>
> Please help; I have followed the documentation for Red Hat Directory 8.2.
>
> Thanks
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
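
Added example (not part of the original thread and not 389 project code): a Python audit of an LDIF export that reports each subtree password policy's storage scheme, whether it is actually in effect, and accounts whose stored scheme differs from it. It assumes the policy entry sits under cn=nsPwPolicyContainer as in the dump above and that the Console checkbox corresponds to nsslapd-pwpolicy-local in cn=config; the sample data and the names parse_ldif and audit are constructed for illustration.

```python
import re

# Constructed sample modelled on the thread's dump. Assumptions: the Console
# checkbox maps to nsslapd-pwpolicy-local in cn=config, and a subtree policy
# entry lives under cn=nsPwPolicyContainer,<subtree> as in the thread.
SAMPLE_LDIF = r"""
dn: cn=config
nsslapd-pwpolicy-local: off

dn: cn=cn\3DnsPwPolicyEntry\2Ccn\3Dusers\2Ccn\3Dsubscribers\2Cdc\3Dourcompany\2Cdc\
 3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: passwordpolicy
passwordStorageScheme: clear

dn: uid=testuser,cn=users,cn=subscribers,dc=ourcompany,dc=com
userPassword: {SSHA}CONSTRUCTEDPLACEHOLDER==
"""

def parse_ldif(text):
    """Unfold LDIF continuation lines (newline + space) and split into entries."""
    entries = []
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", text).strip()):
        entry = {}
        for line in block.splitlines():
            if not line.startswith("#") and ":" in line:
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit(entries):
    """Report each subtree policy's scheme, whether it applies, and mismatches."""
    local_on = any(e.get("nsslapd-pwpolicy-local") == ["on"] for e in entries)
    policies, findings = {}, []
    for e in entries:
        if "passwordpolicy" in (v.lower() for v in e.get("objectclass", [])):
            subtree = e["dn"][0].lower().split("cn=nspwpolicycontainer,", 1)[-1]
            policies[subtree] = e.get("passwordstoragescheme", ["default"])[0].lower()
            state = "applied" if local_on else "ignored: fine-grained policy off"
            findings.append(f"{subtree}: scheme={policies[subtree]} ({state})")
    for e in entries:
        dn = e["dn"][0].lower()
        for pw in e.get("userpassword", []):
            m = re.match(r"\{([\w-]+)\}", pw)
            stored = m.group(1).lower() if m else "clear"
            for subtree, scheme in policies.items():
                if dn.endswith("," + subtree) and stored != scheme:
                    findings.append(f"{dn}: stored={stored}, policy={scheme}")
    return local_on, findings
```

Call `audit(parse_ldif(text))` on an export that includes cn=config; a subtree reported with scheme=clear and "applied" is one where newly set passwords will be stored unhashed.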