Oracle® Fusion Middleware Man Page Reference for Oracle Directory Server Enterprise Edition 11g Release 1 (11.1.1.7.0) Part Number E28967-01
Sun ONE defined password policy attribute type
Synopsis
( 2.16.840.1.113730.3.1.221 NAME 'passwordStorageScheme' DESC 'Sun ONE defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-DS-USE 'internal' X-ORIGIN 'Sun ONE Directory Server' )
Description
Specifies the algorithm used to hash Directory Server passwords. The default password storage scheme is the Salted Secure Hash Algorithm (SSHA).
The following hash types are supported:
SSHA (Salted Secure Hash Algorithm) is the recommended method as it is the most secure.
SHA (Secure Hash Algorithm) is a version in use before SSHA.
CRYPT is the UNIX crypt algorithm. It is provided for compatibility with UNIX passwords and supports MD5, Blowfish, and other strong algorithms. To specify the algorithm used, give the format of the salt in the nsslapd-pluginarg() argument as follows:
nsslapd-pluginarg(): value()
The value is in the snprintf format corresponding to specific salt formats. For example, some of the formats supported include %.2s, $1$%.8s, $2a$04$%.22s, and $md5$%.8s$. If the string value maps to an algorithm that is not supported by the operating system, then a warning message is logged and the hash will be made using the default UNIX algorithm with a salt made of 31 random characters.
If this attribute is set to CLEAR, passwords are not encrypted and appear in plain text.
You can extend how password attributes are stored by writing your own password storage scheme plug-in.
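The following Python code is an added example, not part of the Oracle man page: it reviews a passwordStorageScheme value and, for CRYPT, reads the snprintf-style salt format to report which crypt algorithm the prefix selects. The function names, the finding texts and the Blowfish cost threshold of 10 are assumptions made for this example.

```python
import re

# crypt(3) salt prefixes and the algorithm each one selects.
PREFIXES = [("$md5$", "Sun MD5"), ("$2a$", "Blowfish"), ("$1$", "MD5")]
MIN_BCRYPT_COST = 10  # assumed review threshold, not a value from the man page


def classify_salt_format(fmt):
    """Map a CRYPT salt format to (algorithm, salt_chars, warnings)."""
    conv = re.search(r"%\.(\d+)s", fmt)
    if conv is None:
        raise ValueError(f"no %.Ns conversion in {fmt!r}")
    prefix, salt_chars, warnings = fmt[:conv.start()], int(conv.group(1)), []
    algorithm = next((n for p, n in PREFIXES if prefix.startswith(p)), None)
    if algorithm is None and prefix == "":
        # No $id$ prefix: the classic two-character-salt DES crypt.
        algorithm = "traditional DES"
        warnings.append("only the first 8 password characters are hashed")
    elif algorithm is None:
        algorithm = "unknown"
        warnings.append("prefix not recognised by this checker")
    elif algorithm == "Blowfish":
        # The field after $2a$ is the log2 work factor, e.g. 04 in $2a$04$.
        cost_text = prefix[len("$2a$"):].strip("$")
        if not cost_text.isdigit():
            warnings.append("missing Blowfish cost field")
        elif int(cost_text) < MIN_BCRYPT_COST:
            warnings.append(f"cost {int(cost_text)} is below {MIN_BCRYPT_COST}")
    return algorithm, salt_chars, warnings


def audit_scheme(scheme, salt_format=None):
    """Return review findings for one passwordStorageScheme value."""
    scheme = scheme.strip().upper()
    if scheme == "CLEAR":
        return ["passwords stored in plain text"]
    if scheme == "SHA":
        return ["unsalted hash; SSHA is the recommended scheme"]
    if scheme == "SSHA":
        return []
    if scheme == "CRYPT":
        if salt_format is None:
            return ["no salt format supplied to review"]
        algorithm, _, warnings = classify_salt_format(salt_format)
        return [f"CRYPT/{algorithm}: {w}" for w in warnings]
    return [f"unrecognised scheme {scheme!r}"]
```

An empty list from `audit_scheme` means the checker raised nothing for that value; the salt formats it understands are the four listed in the description above.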
Syntax
Directory String, multi-valued.
Usage
Attribute specific to this Directory Server instance and version of the schema.
Examples
passwordStorageScheme: CLEAR
Attributes
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Availability | SUNWdsee7 |
Stability Level | Evolving |