10-29-2010, 03:28 PM
Uzor Ide

In need of Storing Cleartext Password

Hi

We have a need for 389 directory to store passwords in clear text in a given subtree. I have used the console to configure the password policy and chose CLEAR for the encryption scheme under passwordStorageScheme, yet the passwords are still SSHA encrypted. Is there anything else that I should do?



# entry-id: 11
dn: cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: top
objectClass: nsContainer
cn: users

# entry-id: 14
dn: cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: nsContainer
objectClass: top
cn: nsPwPolicyContainer

# entry-id: 15
dn: cn=cn3DnsPwPolicyEntry2Ccn3Dusers2Ccn3Dsubscribers2Cdc3Dourcompany2Cdc
*3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: ldapsubentry
objectClass: passwordpolicy
objectClass: top
cn: cn=nsPwPolicyEntry,cn=users,cn=subscribers,dc=ourcompany,dc=com
passwordMustChange: off
passwordExp: off
passwordHistory: on
passwordMinAge: 0
passwordChange: off
passwordStorageScheme: clear
passwordInHistory: 3
passwordLockout: on
passwordLockoutDuration: 21600
passwordResetFailureCount: 1800
passwordUnlock: on
passwordMaxFailure: 3

# entry-id: 16
dn: cn=cn3DnsPwTemplateEntry2Ccn3Dusers2Ccn3Dsubscribers2Cdc3Dourcompany2Cd
*c3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: extensibleObject
objectClass: costemplate
objectClass: ldapsubentry
objectClass: top
cosPriority: 1
pwdpolicysubentry: cn=cn3DnsPwPolicyEntry2Ccn3Dusers2Ccn3Dsubscribers2Cdc3
*Dourcompany2Cdc3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany
*,dc=com
cn: cn=nsPwTemplateEntry,cn=users,cn=subscribers,dc=ourcompany,dc=com

# entry-id: 17
dn: cn=nsPwPolicy_CoS,cn=users,cn=subscribers,dc=ourcompany,dc=com
objectClass: ldapsubentry
objectClass: cosSuperDefinition
objectClass: cosPointerDefinition
objectClass: top
costemplatedn: cn=cn3DnsPwTemplateEntry2Ccn3Dusers2Ccn3Dsubscribers2Cdc3Do
*urcompany2Cdc3Dcom,cn=nsPwPolicyContainer,cn=users,cn=subscribers,dc=ourcompany,d
*c=com
cosAttribute: pwdpolicysubentry default operational-default
cn: nsPwPolicy_CoS

# entry-id: 18
dn: uid=testuser,cn=users,cn=subscribers,dc=ourcompany,dc=com
givenName: U-da-man
uidNumber: 501
gidNumber: 501
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: account
objectClass: radiusprofile
uid: testuser
userPassword: {SSHA}HBk8h1pkgsUocxUgPF+HNeuHF1LgYaI99co6Aw==
radiusFramedMTU: 1400
radiusGroupName: local
radiusHuntgroupName: vpn.ourcompany.com
radiusRealm: vpn.ourcompany.com
radiusServiceType: Framed-User
radiusFilterId: std.ppp
passwordGraceUserTime: 0
dialupAccess: yes

There is also an attribute pwdpolicysubentry: cn=cn3DnsPwPolicyEntry2Ccn3Dusers2Ccn3Daccounts2Cdc3Dourcompany2Cdc3Dcom,cn=nsPwPolicyContainer,cn=users,cn=accounts,dc=ourcompany,dc=com that shows up in the testuser's profile from the console but does not show up in the ldif dump.

Please help. I have followed the documentation for Redhat directory 8.2.

Thanks




--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
10-29-2010, 03:45 PM
Nathan Kinder

In need of Storing Cleartext Password

On 10/29/2010 08:28 AM, Uzor Ide wrote:

Hi

We have a need for 389 directory to store passwords in clear text in a given subtree. I have used the console to configure the password policy and chose CLEAR for the encryption scheme under passwordStorageScheme, yet the passwords are still SSHA encrypted. Is there anything else that I should do?

You need to check the "Enable fine-grained password policies" checkbox in the global password policy section in the Console.
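
An offline audit of an LDIF export for the situation in this thread, added here as an example (it is not part of the original posts or of 389 Directory Server): it reports a subtree policy that asks for `clear` storage, whether fine-grained policies are enabled so that the policy is applied, and any `userPassword` values held in cleartext. It assumes the `cn=config` entry is included in the input and that the Console checkbox corresponds to the `nsslapd-pwpolicy-local` attribute, which is not named on the page; the function names, finding codes and sample entries are constructed.

```python
import base64

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased_attr: [values]} dicts."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    entries = []
    for block in text.split("\n\n"):
        entry = {}
        for item in block.splitlines():
            if not item.strip() or item.startswith("#"):
                continue
            attr, _, val = item.partition(":")
            if val.startswith(":"):  # "attr:: value" is base64-encoded
                val = base64.b64decode(val[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.strip().lower(), []).append(val.strip())
        if entry:
            entries.append(entry)
    return entries

def audit(entries):
    """Return (finding_code, dn) pairs; the finding codes are hypothetical labels."""
    cfg = next((e for e in entries if e.get("dn") == ["cn=config"]), {})
    local_on = cfg.get("nsslapd-pwpolicy-local", ["off"])[0].lower() == "on"
    policy_code = "CLEAR_POLICY_ACTIVE" if local_on else "CLEAR_POLICY_NOT_APPLIED"
    findings = []
    for e in entries:
        dn = e.get("dn", ["?"])[0]
        if ("passwordpolicy" in map(str.lower, e.get("objectclass", []))
                and e.get("passwordstoragescheme", [""])[0].lower() == "clear"):
            findings.append((policy_code, dn))
        for pw in e.get("userpassword", []):
            scheme = pw[1:].partition("}")[0].lower() if pw.startswith("{") else ""
            if scheme in ("", "clear"):  # assumption: no prefix or {clear} = cleartext
                findings.append(("CLEARTEXT_PASSWORD", dn))
    return findings

# Constructed sample: cn=config (kept in dse.ldif) plus a subtree export like the thread's.
SAMPLE = """dn: cn=config
nsslapd-pwpolicy-local: off

dn: cn=nsPwPolicyEntry,cn=nsPwPolicyContainer,cn=users,
 cn=subscribers,dc=example,dc=com
objectClass: passwordpolicy
passwordStorageScheme: clear

dn: uid=testuser,cn=users,cn=subscribers,dc=example,dc=com
userPassword: {SSHA}CONSTRUCTED-PLACEHOLDER
"""
print(audit(parse_ldif(SAMPLE)))
```

On the constructed sample it reports `CLEAR_POLICY_NOT_APPLIED` for the policy entry, which matches the `{SSHA}` value still seen on `testuser` in the thread.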




 
10-29-2010, 08:28 PM
Uzor Ide

In need of Storing Cleartext Password

Thanks Nathan,

I missed that entirely

Ide
