[389-users] changelog
Rich Megginson
rmeggins at redhat.com
Tue Jun 4 19:11:05 UTC 2013
On 06/04/2013 12:39 PM, Denise Cosso wrote:
> Hi,
>
>
> Description of problem:
> When a userPassword is changed in a server with changelog, the hashed password
> is logged and also a cleartext pseudo-attribute version. It looks like this:
> change::
> replace: userPassword
> userPassword: {SHA256}vqtiN2LHdrEUOJUKu+IBVqAVFsAlvFw+11kD/Q==
> -
> replace: unhashed#user#password
> unhashed#user#password: secret12
>
> This unhashed version is used in winsync where the cleartext version of the
> password must be written to the AD.
>
> Now if the DS is involved in replication with another DS, the change will be
> replayed exactly as it is logged to the other DS replicas, including the
> cleartext pseudo-attribute password.
>
What platform? What version of 389-ds-base are you using?
> thanks,
>
> Denise
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20130604/3b9d7c05/attachment.html>
More information about the 389-users
mailing list