Univention Bugzilla – Bug 53691
Fix {K5KEY} -Passwords ()
Last modified: 2021-08-23 16:47:39 CEST
I need to have a hashed user Password for my external App as I cannot use the NT-Password there (it gets synched) The Password gets generated correctly when I set it using admin -> users (app) but it won't when I use the selfservice. here is an easy solution to fix the problem: https://help.univention.com/t/password-self-service-macht-murks/9153/12
Try using the `userPassword` attribute instead of the `krb5Key`.
I actually use the "userPassword" -Attribute but the value on the field is "K5Key" for every user which changes his password through self-service. only when an admin sets the passwords inside the user-apps the value is correct and usable by my external App.
The self service doesn't directly insert `{K5KEY}` into the userPassword attribute. This is done by the AD-Connector and the S4-Connector. So there was a password set in Samba 4 or AD, which only transmits hashes to UCS. We don't have any plaintext password, so we can't write any into the userPasword attribute. The self-service detects if the UCS is configured as AD member (UCR variable ad/member) and the user originates from AD. Then it uses samba-tools to set the password in Samba.