Skip to content


encrypted password in sssd.conf

Currently, the password of the “AD search only” account in the /etc/sssd/sssd.conf is not encrypted.

ldap_default_authtok_type = password
ldap_default_authtok = ^Marco$Polo2011$

To change this situation and to encrypt it follow this steps

# yum –y install sssd-tools

# sss_obfuscate -d WMD.EDU
Enter password - ^Marco$Polo2011$
Enter again = ^Marco$Polo2011$ 

The last command command modifies the file changing the following two entries:

ldap_default_authtok_type = obfuscated_password
ldap_default_authtok = AAAQALnUQMEhhj7/reDfWBkSbUrOCvfxuOwJfdOXFxGzUoGS8zOZWCP5jC4BqvcFkBk8q

Posted in LINUX.

Tagged with , .


2 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

  1. Anonymous says

    Traceback (most recent call last):
    File “/usr/sbin/sss_obfuscate”, line 117, in
    ret = main()
    File “/usr/sbin/sss_obfuscate”, line 106, in main
    sssdconfig.write()
    File “/usr/lib/python2.6/site-packages/SSSDConfig/__init__.py”, line 1478, in write
    output = self.dump(self.opts).encode(‘utf-8’)
    UnicodeDecodeError: ‘ascii’ codec can’t decode byte 0xe2 in position 662: ordinal not in range(128)

    getting above error, any idea why?

  2. MarkD:-) says

    have you updated or installed python on this box?



Some HTML is OK

or, reply to this post via trackback.

WordPress Anti Spam by WP-SpamShield



Copyright © 2016 - 2017 Waldemar Mark Duszyk. All Rights Reserved. Created by Blog Copyright.