Hi,
On 9/22/20 6:23 PM, Mark Reynolds wrote:
>
> On 9/22/20 3:42 AM, Tornóci László wrote:
>> Hi,
>>
>> I recently upgraded my system from RHEL7 to RHEL8, together with
>> 389ds. Apparently this has caused to upgrade the storage scheme of the
>> user passwords to PBKDF2_SHA256. Everything works fine except
>> freeradius does not support this storage scheme at the moment.
>>
>> How can I downgrade the storage scheme in 389ds to something that is
>> supported by freeradius in such a way, that doesn't force my users to
>> change their passwords?
>
> Well first you need to change the scheme in cn=config to something like:
>
> passwordStorageScheme: SSHA512
>
> But if passwords are already in PBKDF2, then you will have to reset
> those passwords. There is no undoing it without a full reset of the
> password at this time.
Yes, that's what the docs say, but a simple bind seems to be enough for
me. I tested this and actually I could go back and forth between storage
schemes using a simple bind. I am very happy with 389ds, its saved my ass...
Laszlo
>
> HTH,
>
> Mark
>
>>
>> Thanks: Laszlo
>> _______________________________________________
>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
>> Fedora Code of Conduct:
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
>>
>
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
No comments:
Post a Comment