Oracle Directory Server Enterprise Edition Man Page Reference 11g Release 1 (188.8.131.52.0)
passwordStorageScheme - Sun ONE defined password policy attribute type
( 2.16.840.1.1137184.108.40.206 NAME 'passwordStorageScheme' DESC 'Sun ONE defined password policy attribute type' SYNTAX 220.127.116.11.4.1.1418.104.22.168.15 X-DS-USE 'internal' X-ORIGIN 'Sun ONE Directory Server' )
Specifies the algorithm used to hash Directory Server passwords. The default password storage scheme is the Salted Secure Hash Algorithm (SSHA).
The following hash types are supported:
SSHA (Salted Secure Hash Algorithm) is the recommended method as it is the most secure.
SHA (Secure Hash Algorithm) is a version in use before SSHA.
CRYPT is the UNIX crypt algorithm. It is provided for compatibility with UNIX passwords and supports MD5, Blowfish, and other strong algorithms. To specify the algorithm used, give the format of the salt in the nsslapd-plugingarg()() argument as follows:
The value is in the snprintf format corresponding to specific salt formats. For example, some of the formats supported include %.2s, $1$%.8s, $2a$04$%.22s, and $md5$%.8s$. If the string value maps to an algorithm that is not supported by the operating system, then a warning message is logged and the hash will be made using the default UNIX algorithm with a salt made of 31 random characters.
If this attribute is set to CLEAR, passwords are not encrypted and appear in plain text.
You can extend how password attributes are stored by writing your own password storage scheme plug-in.
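An added example (not from the Oracle documentation): an audit helper that expands a CRYPT salt format of the kind listed above and reports which crypt(3) algorithm its prefix selects. The function names and the bcrypt cost threshold are assumptions; the prefix-to-algorithm mapping follows the common crypt(3) convention.

```python
import re
import secrets
import string

SALT_ALPHABET = string.ascii_letters + string.digits + "./"  # crypt(3) salt characters
MIN_BCRYPT_COST = 10  # assumed local policy threshold, not a Directory Server setting

# Accept only literal text around one %.Ns conversion. The value comes from
# configuration, so it is parsed here rather than handed to a formatter.
SALT_FORMAT = re.compile(r"^([^%]*)%\.(\d+)s([^%]*)$")

def render_salt(fmt, random_chars=None):
    """Expand a salt format the way snprintf(fmt, random_chars) would."""
    m = SALT_FORMAT.match(fmt)
    if m is None:
        raise ValueError(f"not a single %.Ns salt format: {fmt!r}")
    if random_chars is None:  # 31 random characters, as in the fallback case
        random_chars = "".join(secrets.choice(SALT_ALPHABET) for _ in range(31))
    prefix, width, suffix = m.group(1), int(m.group(2)), m.group(3)
    return prefix + random_chars[:width] + suffix

def audit_salt_format(fmt):
    """Return (algorithm, findings) for the crypt(3) scheme a salt format selects."""
    salt = render_salt(fmt)
    findings = []
    if salt.startswith("$1$"):
        algorithm = "MD5-crypt"
        findings.append("MD5-based with a fixed 1000 iterations")
    elif salt.startswith("$2a$"):
        algorithm = "Blowfish (bcrypt)"
        cost = re.match(r"^\$2a\$(\d{2})\$", salt)
        if cost is None:
            findings.append("malformed bcrypt cost field")
        elif int(cost.group(1)) < MIN_BCRYPT_COST:
            findings.append(f"bcrypt cost {int(cost.group(1))} is below {MIN_BCRYPT_COST}")
    elif salt.startswith("$md5$"):
        algorithm = "Sun MD5"
    elif not salt.startswith("$"):
        algorithm = "traditional DES crypt"
        findings.append("2-character salt, password truncated to 8 characters")
    else:
        algorithm = "unrecognized"
        findings.append("prefix not known; the server may fall back to the default")
    return algorithm, findings
```

Whether the operating system's crypt implementation actually supports the selected algorithm still has to be checked on the host, since an unsupported format falls back to the default UNIX algorithm.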
Directory String, multi-valued.
Attribute specific to this Directory Server instance and version of the schema.
See attributes(5) for descriptions of the following attributes: