|Oracle® Fusion Middleware Man Page Reference for Oracle Directory Server Enterprise Edition
11g Release 1 (220.127.116.11.0)
Part Number E28967-01
|PDF · Mobi · ePub|
Sun ONE defined password policy attribute type
( 2.16.840.1.113718.104.22.168 NAME 'passwordStorageScheme' DESC 'Sun ONE defined password policy attribute type' SYNTAX 22.214.171.124.4.1.14126.96.36.199.15 X-DS-USE 'internal' X-ORIGIN 'Sun ONE Directory Server' )
Specifies the algorithm used to hash Directory Server passwords. The default password storage scheme is the Salted Secure Hash Algorithm (SSHA).
The following hash types are supported:
SSHA (Salted Secure Hash Algorithm) is the recommended method as it is the most secure.
SHA (Secure Hash Algorithm) a version in use before SSHA.
CRYPT is the UNIX crypt algorithm. It is provided for compatibility with UNIX passwords and supports MD5, Blowfish, and other strong algorithms. To specify the algorithm used, give the format of the salt in the
nsslapd-plugingarg() () argument as follows:
The value is in the
snprintf format corresponding to specific salt formats. For example, some of the formats supported include
$md5$%.8s$. If the string value maps to an algorithm that is not supported by the operating system, then a warning message is logged and the hash will be made using the default UNIX algorithm with a salt made of 31 random characters.
If this attribute is set to CLEAR, passwords are not encrypted and appear in plain text.
You can extend how password attributes are stored by writing your own password storage scheme plug-in.
Directory String, multi-valued.
Attribute specific to this Directory Server instance and version of the schema.
attributes(5) for descriptions of the following attributes:
|ATTRIBUTE TYPE||ATTRIBUTE VALUE|