On 02/12/2015 09:05 AM, Brad House wrote:
On 02/12/2015 10:48 AM, Simo Sorce wrote:
On Thu, 2015-02-12 at 07:38 -0800, Michael Lasevich wrote:
Thank you, this is very helpful. I forgot about 'super admin', which
is why
I was not even seeing the values before. :-)
How are the the values encrypted (or hashed?)
It sounds like the password is stored in two fields(I am leaving
samba out
for now) - userpassword andkerberos principle key.
Is userpassword a hash?
Yes.
Of so, what kind?
Configurable, by default salted sha256 IIRC.
Out of curiousity, where is this configurable?
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/User_Account_Management.html#User_Account_Management-Managing_the_Password_Policy
This is the passwordStorageScheme attribute.
Also, is it using it in
conjunction with something like PBKDF2?
https://fedorahosted.org/389/ticket/397
I'd love to know more info on this
as we might want to increase the defaults ourselves.
Thanks!
-Brad
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
