Bug 488892 - Document how to migrate user passwords without affecting user experience
Summary: Document how to migrate user passwords without affecting user experience
Status: CLOSED DUPLICATE of bug 646211
Alias: None
Product: freeIPA
Classification: Retired
Component: Documentation
Version: 2.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: v2 release
Assignee: David O'Brien
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Keywords: Documentation
Depends On:
Blocks: 431020 freeipa20 489811 646211 646217
TreeView+ depends on / blocked
 
Reported: 2009-03-06 04:37 UTC by David O'Brien
Modified: 2015-01-04 23:37 UTC (History)
4 users (show)

(edit)
Clone Of:
: 646211 (view as bug list)
(edit)
Last Closed: 2010-11-29 02:31:26 UTC


Attachments (Terms of Use)

Description David O'Brien 2009-03-06 04:37:02 UTC
Description of problem:


Version-Release number of selected component (if applicable):


Additional info:
pam_krb5_migrate seems to be the preferred or intended method. Need info on how this works.

Comment 1 David O'Brien 2009-03-08 21:55:22 UTC
Version set to 1.1 by  mistake. Resetting to 2.0

Comment 2 David O'Brien 2009-08-14 04:08:30 UTC
Chandra, can you (or somebody) point me to some suitable refs for this? It's completely outside my area. Even if somebody writes up some basic draft doc and procedures I can edit it and include it in the Migration Guide.
thanks

Comment 4 Pavel Zuna 2010-02-24 13:43:30 UTC
If identities were migrated using the method described in my recent post here https://bugzilla.redhat.com/show_bug.cgi?id=488891 . Password were migrated as well and they can be used to BIND to the directory server IPA uses. However Kerberos accounts are not enabled, because the migration script is unable to generate Kerberos keys as it needs clear-text passwords for that.

Users can enable their Kerberos accounts either by:
1) performing a simple BIND to the directory server. This isn't recommended though, because it's not very user friendly.
2) logging in at https://example.com/ipa/migration/
3) using SSSD - it should handle everything transparently

Comment 5 David O'Brien 2010-11-29 02:31:26 UTC

*** This bug has been marked as a duplicate of bug 646211 ***


Note You need to log in before you can comment on or make changes to this bug.