[389-users] unhashed#user#password field

Alberto Viana albertocrj at gmail.com
Fri May 18 18:13:37 UTC 2012


I have a 389 DS server replication agreement with an AD Server and when I
change the password in the windows side it replicates into 389 but via 389
console I can see this field "unhashed#user#password" in clear text.

How can I encrypt this field? Is it possible?


I tried the following configuration:

Source:
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Configuring_Directory_Databases-Creating_and_Maintaining_Databases.html#Creating_and_Maintaining_Databases-Database_Encryption

dn: cn=unhashed#user#password,cn=encrypted attributes,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: nsAttributeEncryption
cn: unhashed#user#password
nsEncryptionAlgorithm: AES

If I restart my server the field is gone.

The fact is that I need to prevent my admin from seeing the user's password.