The authentication password syntax defines a standard method for encoding a user password for storage in the server, ideally in a manner that makes it difficult or impossible to determine the clear-text value of that password.
The authentication password syntax is described in RFC 3112, which defines the authPassword attribute type and a corresponding authPasswordObject auxiliary object class that will allow the use of that attribute.
The basic form of a password encoded using the authentication password syntax is:
scheme $ authInfo $ authValue
where scheme is the name of the scheme used to encode the value, authInfo is some kind of modifier (for example, a salt) used in the encoding process, and authValue is the encoded password information. For example, the value SHA1$RzqH67DY3uQ=$atAcDs1eS+IJwPy7V4UDXEoBrDI= is encoded using the authentication password syntax. The scheme is SHA1, the authInfo element is RzqH67DY3uQ=, and the authValue element is atAcDs1eS+IJwPy7V4UDXEoBrDI=.
The authentication password schemes supported by the directory server include the following:
Uses the MD5 message digest.
Uses the SHA-1 variant of the Secure Hash Algorithm.
Uses the 256-bit SHA-2 variant of the Secure Hash Algorithm.
Uses the 384-bit SHA-2 variant of the Secure Hash Algorithm.
Uses the 512-bit SHA-2 variant of the Secure Hash Algorithm.
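The following parser and verifier for values in this syntax is an added example, not code from the directory server. It assumes authInfo and authValue are base64, that the digest is computed over the password followed by the salt, and that the scheme names other than SHA1 are spelled as in the DIGESTS table.

```python
import base64
import hashlib
import hmac
import os

# Scheme name -> hashlib algorithm. "SHA1" appears on the page; the other
# names are assumed spellings for the digests the page lists.
DIGESTS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256",
           "SHA384": "sha384", "SHA512": "sha512"}


def parse_auth_password(value):
    """Split 'scheme $ authInfo $ authValue' into (scheme, salt, digest)."""
    parts = [p.strip() for p in value.split("$")]
    if len(parts) != 3:
        raise ValueError("expected scheme$authInfo$authValue")
    scheme = parts[0].upper()
    if scheme not in DIGESTS:
        raise ValueError("unsupported scheme: " + scheme)
    # validate=True rejects characters outside the base64 alphabet.
    salt = base64.b64decode(parts[1], validate=True)
    digest = base64.b64decode(parts[2], validate=True)
    # A digest of the wrong length cannot belong to the named scheme.
    if len(digest) != hashlib.new(DIGESTS[scheme]).digest_size:
        raise ValueError("authValue length does not match scheme")
    return scheme, salt, digest


def encode_auth_password(scheme, password, salt=None):
    """Encode a password; assumes digest = H(password || salt)."""
    salt = os.urandom(8) if salt is None else salt
    h = hashlib.new(DIGESTS[scheme], password.encode("utf-8") + salt)
    return "$".join([scheme, base64.b64encode(salt).decode(),
                     base64.b64encode(h.digest()).decode()])


def verify_auth_password(stored, password):
    """Recompute the salted digest and compare in constant time."""
    scheme, salt, digest = parse_auth_password(stored)
    h = hashlib.new(DIGESTS[scheme], password.encode("utf-8") + salt)
    return hmac.compare_digest(h.digest(), digest)
```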