#47753 Add switch to disable pre-hashed password checking
Closed: Fixed None Opened 6 years ago by nkinder.

By default, 389 DS doesn't allow pre-hashed passwords to be set by anyone other than Directory Manager. This privilege can be delegated to other users by adding them to the Password Administrators group. This works fine for most cases, but there are cases where one might want to allow anyone to set pre-hashed passwords. An example is the FreeIPA project, who has their own SLAPI plug-in that controls pre-hashed password checking. We should add a switch to completely disable pre-hashed password checking to support this case.

Reviewed by Mark.

Pushed to master:
ccc61a3..ab64389 master -> master
commit ab64389

Please check https://fedorahosted.org/freeipa/ticket/4450#comment:6. FreeIPA team would like to ask for backporting this patch to 1.3.2 branch (and Fedora 20 build) as it is now blocking password migration process.

Pushed to 389-ds-base-1.3.2:
daffe97..7498972 389-ds-base-1.3.2 -> 389-ds-base-1.3.2
commit 7498972

Metadata Update from @mkosek:
- Issue assigned to nkinder
- Issue set to the milestone:

3 years ago

Login to comment on this ticket.