[389-users] unhashed#user#password field

Mark Reynolds mareynol at redhat.com
Mon May 21 14:56:13 UTC 2012


Also see: https://fedorahosted.org/389/ticket/365

This will be included in a future release.

Mark

On 05/18/2012 02:13 PM, Alberto Viana wrote:
> I have a 389 DS server replication agreement with an AD Server and 
> when I change the password in the windows side it replicates into 389 
> but via 389 console I can see this field "unhashed#user#password" in 
> clear text.
>
> How can I encrypt this field? Is it possible?
>
>
> I tried the following configuration:
>
> Source: 
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Configuring_Directory_Databases-Creating_and_Maintaining_Databases.html#Creating_and_Maintaining_Databases-Database_Encryption
>
> dn: cn=unhashed#user#password,cn=encrypted attributes,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
> objectClass: top
> objectClass: nsAttributeEncryption
> cn: unhashed#user#password
> nsEncryptionAlgorithm: AES
>
> If I restart my server the field is gone.
>
> The fact is that I need to prevent my admin from seeing the user's password.