'=?utf-8?q?=5B389-users=5D?= How do I change the root password storage scheme to CRYPT-SHA512 through'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fedora-directory-users
Subject:    =?utf-8?q?=5B389-users=5D?= How do I change the root password storage scheme to CRYPT-SHA512 through
From:       spike <spike () fedoraproject ! org>
Date:       2021-04-16 7:04:02
Message-ID: 6095b02d-888b-82e6-5071-e6baffed2765 () fedoraproject ! org
[Download RAW message or body]


Hi everyone,

I'd like to change the default root password storage scheme from PBKDF2_SHA256 to \
CRYPT-SHA512 but I'm not having much success. I'm using the RHDS 11 documentation \
(https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html-single/administration_guide/index#change_directory_manager_storage_scheme-CLI) \
as a reference since the 389ds documentation page \
(https://directory.fedoraproject.org/docs/389ds/documentation.html) refers to that as \
"The best documentation for use and deployment". The 389ds version is 1.4.4.15 which \
should correspond with RHDS 11.

What I've tried:

# mkpasswd -m sha512crypt secret
$6$gOiCU3fNsdrH9.mR$fVxsLUf0JLS4wYdQa98VNy7mIy.LkShcdNcJbAFPE.10PKJ7EFD4hB0C33znHyIjgPF67IxNVNKgkKDiuuxQq/
 # dsconf localhost config replace nsslapd-rootpwstoragescheme=CRYPT-SHA512 \
nsslapd-rootpw="{crypt}$6$gOiCU3fNsdrH9.mR$fVxsLUf0JLS4wYdQa98VNy7mIy.LkShcdNcJbAFPE.10PKJ7EFD4hB0C33znHyIjgPF67IxNVNKgkKDiuuxQq/"
 selinux is disabled, will not relabel ports or files.
Successfully replaced "nsslapd-rootpwstoragescheme"
selinux is disabled, will not relabel ports or files.
Successfully replaced "nsslapd-rootpw"


Which results in me being unable to log in (bind non-anonymously). I've also tried:

# dsconf localhost config replace nsslapd-rootpwstoragescheme=CRYPT-SHA512 \
nsslapd-rootpw="{CRYPT-SHA512}$6$gOiCU3fNsdrH9.mR$fVxs..."

and

# dsconf localhost config replace nsslapd-rootpwstoragescheme=CRYPT-SHA512 \
nsslapd-rootpw="$6$gOiCU3fNsdrH9.mR$fVxs..."

which were also unsuccessful (login not possible).

Setting a `CRYPT-SHA512` password though the 389ds cockpit UI plugin works fine \
though, so I'm pretty sure I'm just not getting the syntax for `dsconf` correctly.

Any pointers are greatly appreciated.

Cheers!
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
 Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic