The encode-password command encodes and compares user passwords.
This command is not supported for the proxy.
encode-password options
The encode-password command can be used to interact with the password storage schemes defined in the directory server. It has three modes of operation:
List schemes mode. List the password storage schemes that are available in the directory server. In this mode, only the --listSchemes option is required.
Encode clear-text mode. Encode a clear-text password using a provided password storage scheme. In this mode, the --storageScheme option is required, along with a clear-text password either given as an option with --clearPassword or read from a file by using --clearPasswordFile.
Validate password mode. Determine whether a given clear-text password is correct for a provided encoded password. In this mode, both a clear-text password (either from --clearPassword or --clearPasswordFile) and an encoded password (either from --encodedPassword or --encodedPasswordFile) are required.
The set of authentication password storage schemes available for use in the directory server can be retrieved from the supportedAuthPasswordSchemes attribute of the root DSE entry. You can use ldapsearch to view this information.
The encode-password command accepts an option in either its short form (for example, -c clearPassword) or its long form equivalent (for example, --clearPassword clearPassword).
Use the Authentication Password Syntax (as defined in RFC 3112), which encodes values in the form scheme$authInfo$authValue. If this option is not provided, the user password syntax (which encodes values in the form {scheme}value) is used.
Specify the clear-text password on which to operate when either encoding a clear-text password or comparing a clear-text password against an encoded password. This option must not be used in conjunction with --clearPasswordFile. A password given on the command line can be visible in process listings and shell history, so --clearPasswordFile or the interactive prompt is preferable for real passwords.
Use the encoded password to compare against a given clear-text password. If the --authPasswordSyntax option is also provided, then this password must be encoded using the authentication password syntax. Otherwise, it should be encoded using the user password syntax. This option must not be used in conjunction with --encodedPasswordFile.
Use the encoded password from the specified file to compare against a given clear-text password. If the --authPasswordSyntax option is also provided, then this password must be encoded using the authentication password syntax. Otherwise, it should be encoded using the user password syntax. This option must not be used in conjunction with --encodedPassword.
Use the clear-text password from the specified file when either encoding a clear-text password or comparing a clear-text password against an encoded password. The option must not be used in conjunction with --clearPassword.
The password to encode or to compare against an encoded password is interactively requested from the user.
Display a list of the password storage schemes that are available for use in the directory server. If the option is used by itself, it displays the names of the password storage schemes that support the user password syntax. If the option is used in conjunction with --authPasswordSyntax, it displays the names of the password storage schemes that support the authentication password syntax.
Use an exit code that indicates whether a given clear-text password matched a provided encoded password. If this option is provided, the command returns an exit code of 6 (COMPARE_TRUE) or an exit code of 5 (COMPARE_FALSE). Any other exit code indicates that the command failed to complete its processing to make the necessary determination. If this option is not provided, an exit code of zero indicates that the command completed its processing successfully, and a nonzero exit code indicates that an error occurred.
Specify the name of the password storage scheme to use when encoding a clear-text password. If the --authPasswordSyntax option is provided, the value must be the name of a supported authentication password storage scheme. Otherwise, specify the name of a supported user password storage scheme.
Display the command-line usage information for the command and exit immediately without taking any other action.
Display the version information for the directory server.
The following examples show how to use the directory server commands. You can use the commands on any UNIX, Linux, or Windows system that has at least the Java SE 5 (at least Sun version 1.5.0_08, preferably the latest version of Java SE 6) runtime environment installed on its target system. See Sun OpenDS Standard Edition System Requirements in Sun OpenDS Standard Edition 2.2 Installation Guide for more information.
The following command lists the storage schemes (-l) available for use on the directory server.
$ encode-password -l
3DES
AES
BASE64
BLOWFISH
CLEAR
CRYPT
MD5
RC4
SHA
SMD5
SSHA
SSHA256
SSHA384
SSHA512
The following command lists the storage schemes (-l) that support the authentication password syntax (-a) on the directory server.
$ encode-password -l -a
MD5
SHA1
SHA256
SHA384
SHA512
The following command encodes a clear-text password (-c) using the specified scheme (-s).
$ encode-password -c opendsrocks -s MD5
Encoded Password: "{MD5}AjxHKRFkRwxx3j9lM2HMow=="
The following command encodes a clear-text password (-c) using the specified scheme (-s) and the authentication password syntax (-a).
$ encode-password -c opendsrocks -s MD5 -a
Encoded Password: "MD5$/imERhcEu3U=$AFqmpZi8EiTIvMFwkcrf8A=="
The following command compares a clear-text password (-c) with an encoded password (-e). Do not include the password scheme (for example, MD5) in your encoded password.
$ encode-password -c opendsrocks -e "AjxHKRFkRwxx3j9lM2HMow==" -s MD5
The provided clear-text and encoded passwords match
The following command compares a clear-text password (-c) with an encoded password (-e) using the scheme (-s) and returns the exit code (-r) (6 for COMPARE_TRUE; 5 for COMPARE_FALSE). Do not include the password scheme (for example, MD5) in your encoded password.
$ encode-password -c opendsrocks -e "AjxHKRFkRwxx3j9lM2HMow==" -s MD5 -r
The provided clear-text and encoded passwords match
$ echo $?
6
The following command encodes a clear-text password in a file (-f) using the specified scheme (-s). For Windows platforms, specify the path to your clear-text password file (for example, -f \temp\testpassword):
$ encode-password -s SSHA -f /tmp/testpassword
Encoded Password: "{SSHA}QX2fMu+2N22N9qI+zu6fIZxsBVID3EsUlYYEbQ=="
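The two encodings and the compare mode described above can be reproduced offline for the digest-based schemes. The following Python sketch is an added example, not OpenDS code; it assumes the conventional salted layout (digest computed over the password followed by the salt, with the salt appended to the digest in the user password syntax and carried as authInfo in the authentication password syntax, as in RFC 3112), and its function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

# Scheme name -> hashlib digest, for the digest-based schemes in the listings above.
DIGESTS = {"MD5": "md5", "SHA": "sha1", "SMD5": "md5", "SSHA": "sha1",
           "SSHA256": "sha256", "SSHA384": "sha384", "SSHA512": "sha512",
           "SHA1": "sha1", "SHA256": "sha256", "SHA384": "sha384", "SHA512": "sha512"}


def parse(encoded):
    """Split an encoded password in either syntax into (scheme, salt, digest)."""
    if encoded.startswith("{"):                  # user password syntax: {scheme}value
        scheme, _, value = encoded[1:].partition("}")
        salt_b64 = None
    else:                                        # RFC 3112: scheme$authInfo$authValue
        scheme, salt_b64, value = encoded.split("$")
    scheme = scheme.upper()
    if scheme not in DIGESTS:
        raise ValueError("not a digest-based scheme: " + scheme)
    raw = base64.b64decode(value, validate=True)
    if salt_b64 is not None:
        return scheme, base64.b64decode(salt_b64, validate=True), raw
    size = hashlib.new(DIGESTS[scheme]).digest_size
    if len(raw) < size:
        raise ValueError("encoded value is shorter than the digest")
    return scheme, raw[size:], raw[:size]        # any bytes after the digest are the salt


def encode(clear, scheme, salt=b"", auth_syntax=False):
    """Encode a clear-text password under the assumed layout."""
    digest = hashlib.new(DIGESTS[scheme], clear.encode("utf-8") + salt).digest()
    if auth_syntax:
        return "%s$%s$%s" % (scheme, base64.b64encode(salt).decode(),
                             base64.b64encode(digest).decode())
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())


def verify(clear, encoded):
    """Validate-password mode: recompute with the stored salt, compare in constant time."""
    scheme, salt, digest = parse(encoded)
    candidate = hashlib.new(DIGESTS[scheme], clear.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    stored = encode("constructed-sample-pw", "SSHA256", os.urandom(8))  # constructed input
    print(stored, verify("constructed-sample-pw", stored), verify("wrong-guess", stored))
    # Structure of the SSHA value shown in the example above: salt length in bytes.
    print(len(parse("{SSHA}QX2fMu+2N22N9qI+zu6fIZxsBVID3EsUlYYEbQ==")[1]))
```

Reversible or non-digest schemes from the listing (for example CLEAR, BASE64, or AES) are rejected by parse rather than verified.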
UNIX and Linux: install-dir/bin/encode-password
Windows: install-dir\bat\encode-password.bat