#2921 Support disabled ipaNTHash values in password plugin
Opened 9 years ago by abbra. Modified 5 years ago

As part of discussion for ticket #2867, ability to convey the fact that users have no RC4-HMAC key in their kerberos keys and haven't yet changed their password is deemed important to optimize LDAP traffic in ipasam module.

Therefore, it would be good if password change code will take into account that ipaNTHash value may be set to 'DISABLE' by pre-mod op for ipaNTHash in case it doesn't see RC4-HMAC key.

'DISABLE' value can safely be overridden by password change code. Upon change, ipaNTHash attribute would then contain proper NT hash of the password.

Metadata Update from @abbra:
- Issue assigned to simo
- Issue set to the milestone: Future Releases

5 years ago

Login to comment on this ticket.