On Mon, 25 Oct 2010 18:14:12 -0400 Nalin Dahyabhai <na...@redhat.com> wrote:
> On Fri, Oct 22, 2010 at 05:38:35PM -0400, Simo Sorce wrote:
> > This plugin intercepts a modrdn change so that when a user is
> > renamed the krbprincipalname is changed accordingly.
>
> Changing the user's principal name usually breaks the client's ability
> to get initial creds, as the default salt is derived from the
> principal name. Assuming we don't want to force an administrative
> password reset, how are we working around that?

At the moment we will have no choice but to reset the credentials.
I was meaning to ask you if we have any other way around.

Is it possible to use a random salt instead of the principal name?
We do enforce pre-authentication by default, so IIRC it should be
possible, but it doesn't seem to make any difference atm, I guess we
need to change something in the password plugin?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
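Added illustration, not part of the original thread and not FreeIPA code: it shows why a rename changes the password-derived key when the default salt is used, and why a salt stored with the entry survives the rename. Assumptions: an AES enctype whose string-to-key begins with PBKDF2-HMAC-SHA1 at 4096 iterations (RFC 3962; the final key-derivation step is omitted because it is a fixed function of this output), constructed realm, principal names and passphrase, and, for the second case, a KDC that sends the stored salt to the client in its pre-authentication hint.

```python
import hashlib
import os


def default_salt(realm, principal):
    # Default salt: realm followed by the principal's name components,
    # concatenated with no separators.
    return (realm + "".join(principal.split("/"))).encode("utf-8")


def pbkdf2_stage(password, salt, iterations=4096, keylen=32):
    # First stage of the AES string-to-key; 32 bytes for a 256-bit key.
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                               iterations, keylen)


def client_key(password, realm, principal, advertised_salt=None):
    # The client uses the salt the KDC advertises, if any; otherwise it
    # falls back to the default salt built from the name it asked for.
    if advertised_salt is None:
        advertised_salt = default_salt(realm, principal)
    return pbkdf2_stage(password, advertised_salt)


def rename_demo():
    realm, password = "EXAMPLE.COM", "constructed-passphrase"  # constructed

    # Case 1: key was stored under the default salt for the old name.
    stored = pbkdf2_stage(password, default_salt(realm, "jsmith"))
    default_survives = client_key(password, realm, "jdoe") == stored

    # Case 2: key was stored under a random salt kept with the entry;
    # the rename leaves both the salt and the key untouched.
    salt = os.urandom(16)
    stored = pbkdf2_stage(password, salt)
    random_survives = client_key(password, realm, "jdoe",
                                 advertised_salt=salt) == stored

    return default_survives, random_survives


if __name__ == "__main__":
    print(rename_demo())
```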