From 530ba03ecabb472f17d5d1ab546aec9390492de1 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 30 Aug 2010 11:46:47 +0200 Subject: sss_obfuscate tool A tool to add obfuscated passwords into the SSSD config file --- src/man/sss_obfuscate.8.xml | 113 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 113 insertions(+) create mode 100644 src/man/sss_obfuscate.8.xml (limited to 'src/man/sss_obfuscate.8.xml') diff --git a/src/man/sss_obfuscate.8.xml b/src/man/sss_obfuscate.8.xml new file mode 100644 index 000000000..55bb1c331 --- /dev/null +++ b/src/man/sss_obfuscate.8.xml @@ -0,0 +1,113 @@ + + + +SSSD Manual pages + + + + + sss_obfuscate + 8 + + + + sss_obfuscate + obfuscate a clear text password + + + + + sss_obfuscate + + options + + [PASSWORD] + + + + + DESCRIPTION + + sss_obfuscate converts a given password into + human-unreadable format and places it into appropriate domain + section of the SSSD config file. + + + The cleartext password can be specified as an extra argument to the + program or read from standard input. + The obfuscated password is put into ldap_default_authtok + parameter of a given SSSD domain and the + ldap_default_authtok_type parameter is set to + obfuscated_password. Refer to + + sssd-ldap + 5 + + for more details on these parameters. + + + Please note that obfuscating the password provides no + real security benefit as it is still possible for an + attacker to reverse-engineer the password back. Using better + authentication mechanisms such as client side certificates or GSSAPI + is strongly advised. + + + + + OPTIONS + + + + + , + + + + The password to obfuscate will be read from standard + input. + + + + + + , + DOMAIN + + + + The SSSD domain to use the password in. The + default name is default. + + + + + + , + FILE + + + + Read the config file specified by the positional + parameter. + + + Default: /etc/sssd/sssd.conf + + + + + + + + SEE ALSO + + + sssd-ldap + 5 + + + + + -- cgit