Dominik Vogt via FreeIPA-users wrote:
> For our setup on RHEL8.1, the password hashing algorithm needs to
> be changed:
> 
>  1. Run ipa-server-install with -a and -p options.
>  2. Use ldapmodify to change passwordStorageScheme.
> 
> Now, the "admin" user's password needs to be rehashed with the new
> algorithm.  What is the proper procedure to do this?

You can pass in an ldif to update the params during installation. You
can try that.

# ipa-server-install --dirsrv-config-file params.ldif

with params.ldif:
~~~
dn: cn=config
changetype: modify
replace: someattribute
someattribute: somevalue
~~~

So you won't need to re-hash the password at all.

> Constraints:
> 
>  - Rehashing needs to be done from Ansible running shell commands
>    or with ansible-freeipa.  Using the GUI is no option.
> 
>  - The default server installation has some restrictions:
> 
>    a) When changing the password the normal way, it is not updated
>       in the database if it doesn't change.

I don't know what this means.

>    b) The minimum password lifetime prevents that the password is
>       changed twice quickly.

Yeah, no working around that.

> 
>  - We want to keep the LDAP and the Ipa passwords identical.
> 
> Ciao
> 
> Dominik ^_^  ^_^
> 
> --
> 
> Dominik Vogt
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam on the list, report it: 
> https://pagure.io/fedora-infrastructure
> 
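An added example, not part of the original messages: a shell helper that writes the install-time LDIF for the `passwordStorageScheme` attribute named in the question and then checks which scheme prefix a `userPassword` value is actually stored under, including LDIF-folded base64 values. Assumptions: `passwordStorageScheme` is the attribute placed in `params.ldif` (the reply only shows a placeholder), `PBKDF2_SHA256` is a sample scheme name, and the admin entry and hash below are constructed.

```shell
#!/bin/sh
# Added example. Scheme name and the sample entry are constructed, not from the thread.

write_scheme_ldif() {   # $1 = scheme name, $2 = output file
    cat > "$2" <<EOF
dn: cn=config
changetype: modify
replace: passwordStorageScheme
passwordStorageScheme: $1
EOF
}

unfold_ldif() {         # join LDIF continuation lines (they start with one space)
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }'
}

stored_scheme() {       # LDIF on stdin -> {SCHEME} prefix of each userPassword value
    unfold_ldif | while IFS= read -r line; do
        case $line in
            userPassword::*) val=$(printf '%s' "${line#userPassword:: }" | base64 -d) ;;
            userPassword:*)  val=${line#userPassword: } ;;
            *) continue ;;
        esac
        scheme=$(printf '%s\n' "$val" | sed -n 's/^{\([^}]*\)}.*$/\1/p')
        printf '%s\n' "${scheme:-NONE}"     # NONE = value carries no {SCHEME} prefix
    done
}

check_scheme() {        # $1 = expected scheme, LDIF on stdin; compares case-insensitively
    want=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    got=$(stored_scheme | tr '[:lower:]' '[:upper:]')
    [ "$got" = "$want" ] && return 0
    printf 'userPassword stored as %s, expected %s\n' "${got:-<absent>}" "$want" >&2
    return 1
}

sample_entry() {        # constructed ldapsearch-style output with a folded value
    b64=$(printf '%s' "{$1}constructed-not-a-real-hash" | base64 | tr -d '\n')
    printf 'dn: uid=admin,cn=users,cn=accounts,dc=example,dc=test\n'
    printf 'userPassword:: %s\n %s\n' "$(printf '%s' "$b64" | cut -c1-20)" \
                                      "$(printf '%s' "$b64" | cut -c21-)"
}

# Demo on the constructed entry.
sample_entry PBKDF2_SHA256 | check_scheme PBKDF2_SHA256 && echo "hash uses expected scheme"
```

On a real server, pipe the `ldapsearch` output for the admin entry's `userPassword` attribute into `check_scheme`, bound as an identity that is allowed to read that attribute.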