Red Hat Bugzilla – Bug 488892
Document how to migrate user passwords without affecting user experience
Last modified: 2015-01-04 18:37:03 EST
Description of problem:
Version-Release number of selected component (if applicable):
pam_krb5_migrate seems to be the preferred or intended method. Need info on how this works.
Version set to 1.1 by mistake. Resetting to 2.0
Chandra, can you (or somebody) point me to some suitable refs for this? It's completely outside my area. Even if somebody writes up some basic draft doc and procedures I can edit it and include it in the Migration Guide.
If identities were migrated using the method described in my recent post here https://bugzilla.redhat.com/show_bug.cgi?id=488891 . Password were migrated as well and they can be used to BIND to the directory server IPA uses. However Kerberos accounts are not enabled, because the migration script is unable to generate Kerberos keys as it needs clear-text passwords for that.
Users can enable their Kerberos accounts either by:
1) performing a simple BIND to the directory server. This isn't recommended though, because it's not very user friendly.
2) logging in at https://example.com/ipa/migration/
3) using SSSD - it should handle everything transparently
*** This bug has been marked as a duplicate of bug 646211 ***