Hello, Is there be a way to store a "clear version" of the passwords in an external storage (sql db, text file...) while turning on encryption on the directory server ? Thanks in advance, -- Mikael Kermorgant
Mikael Kermorgant wrote:> Is there be a way to store a "clear version" of the passwords in an > external storage (sql db, text file...) while turning on encryption > on the directory server ?Yes there is. It might be useful to know more about what you are trying to achieve, because there are a few ways to skin this cat. But to start, there is a magic attribute added to the entry during processing inside the server that holds the un-hashed password value (for operations that modify or add the password attribute). This is used for example to propagate cleartext password values in replication and for Windows sync. You can pick up that attribute in a plugin and salt it away somewhere.
> Yes there is. It might be useful to know more about what you are > trying to achieve, because there are a few ways to skin this cat.My goal is to create a "welcome" letter for each new student with account informations. Being able to create a mailing from a source like a spreadsheet or a database is what I''m looking for.> But to start, there is a magic attribute added to the entry during > processing > inside the server that holds the un-hashed password value (for > operations that modify or add the password attribute). This is used > for example to propagate cleartext password values in replication > and for Windows sync. You can pick up that attribute in a plugin > and salt it away somewhere.That''s good and bad news for me ! Good news is it''s possible, bad news is that writing a plugin is something too complicated for my computing skills :( Still any hope for my situation ? Thanks, -- Mikael Kermorgant
> > That''s good and bad news for me ! > Good news is it''s possible, bad news is that writing a plugin is > something too complicated for my computing skills :( > Still any hope for my situation ?I''m thinking that the password in question will be auto-generated from some script that creates new users , no ? If so then I''d simply have that script dump the plaintext password into the external database and generate letters from that. Mailing the plaintext password that a user selects themselves seems not useful, hence my assumption that this is a computer generated password.
2006/5/5, David Boreham <david_list@boreham.org>:> > > > > That''s good and bad news for me ! > > Good news is it''s possible, bad news is that writing a plugin is > > something too complicated for my computing skills :( > > Still any hope for my situation ? > > I''m thinking that the password in question will be auto-generated > from some script that creates new users , no ? If so then I''d simply > have that script dump the plaintext password into the external > database and generate letters from that.Yes, I think I''ll use that solution. Just a last question : if I create a user wia DSGW, will I be able to catch the password to put it in my database with something different of a plugin ? Thanks ! -- Mikael Kermorgant
Mikael Kermorgant wrote:> 2006/5/5, David Boreham <david_list@boreham.org>: >> >> > >> > That''s good and bad news for me ! >> > Good news is it''s possible, bad news is that writing a plugin is >> > something too complicated for my computing skills :( >> > Still any hope for my situation ? >> >> I''m thinking that the password in question will be auto-generated >> from some script that creates new users , no ? If so then I''d simply >> have that script dump the plaintext password into the external >> database and generate letters from that. > > Yes, I think I''ll use that solution. > Just a last question : if I create a user wia DSGW, will I be able to > catch the password to put it in my database with something different > of a plugin ?Well, it''s a bit of a hack, but what you could do is rename the binary clients/dsgw/bin/newentry to be newentry.bin, and create a shell script newentry, and have it dump out stdin to a file before passing it to newentry.bin> > Thanks ! > -- > Mikael Kermorgant > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users