By default, 389 DS doesn't allow pre-hashed passwords to be set by anyone other than Directory Manager. This privilege can be delegated to other users by adding them to the Password Administrators group. This works fine for most cases, but there are cases where one might want to allow anyone to set pre-hashed passwords. An example is the FreeIPA project, who has their own SLAPI plug-in that controls pre-hashed password checking. We should add a switch to completely disable pre-hashed password checking to support this case.
attachment 0001-Ticket-47753-Add-switch-to-disable-pre-hashed-passwo.patch
Reviewed by Mark.
Pushed to master: ccc61a3..ab64389 master -> master commit ab64389
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1118051
Please check https://fedorahosted.org/freeipa/ticket/4450#comment:6. FreeIPA team would like to ask for backporting this patch to 1.3.2 branch (and Fedora 20 build) as it is now blocking password migration process.
git patch file (1.3.2) -- backported 0001-Ticket-47753-Add-switch-to-disable-pre-hashed-passwo.2.patch
Pushed to 389-ds-base-1.3.2: daffe97..7498972 389-ds-base-1.3.2 -> 389-ds-base-1.3.2 commit 7498972
Metadata Update from @mkosek: - Issue assigned to nkinder - Issue set to the milestone: 1.3.2.20
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1085
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Log in to comment on this ticket.