The Crypt Password Storage Scheme provides a mechanism for encoding user passwords using various crypt algorithms.
This implementation supports several encoding algorithms for the user password syntax, with a storage scheme name of "CRYPT".
The Crypt Password Storage Scheme component inherits from the Password Storage Scheme.
A description of each property follows.
Basic Properties: | Advanced Properties: |
---|---|
crypt-algorithm | crypt-rounds |
enabled | java-class |
crypt-algorithm

Description | Specifies which crypt algorithm to use. This password storage scheme supports various encoding algorithms under the same crypt storage scheme name. New passwords will be encoded using the algorithm set. Passwords encoded using other supported algorithms will stay intact and continue to function. |
---|---|
Default Value | unix |
Allowed Values | md5 - PAM compatible MD5 Crypt algorithm implementation. sha256 - PAM compatible SHA256 Crypt algorithm implementation. sha512 - PAM compatible SHA512 Crypt algorithm implementation. unix - The UNIX crypt algorithm implementation is a one-way digest and is relatively weak by today's standards. Because it supports only a 12-bit salt (meaning that there are only 4096 possible ways to encode a given password), it is also vulnerable to dictionary attacks. You should therefore use this storage scheme only in cases where an external application expects to retrieve the password and verify it outside of the directory, rather than by performing an LDAP bind. |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced Property | No |
Read-only | No |
enabled

Description | Indicates whether the Password Storage Scheme is enabled for use. |
---|---|
Default Value | None |
Allowed Values | true, false |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced Property | No |
Read-only | No |
crypt-rounds

Description | The number of crypt stretching rounds. |
---|---|
Default Value | 5000 |
Allowed Values | An integer value. Lower value is 1000. Upper value is 999999999. |
Multi-valued | No |
Required | No |
Admin Action Required | SHA-based algorithms contain a loop which can be run an arbitrary number of times. The more rounds are performed, the higher the CPU requirements. This is a safety mechanism which might help counter brute-force attacks in the face of increasing computing power. Note that this is only applicable to SHA-based algorithms. |
Advanced Property | Yes |
Read-only | No |
java-class

Description | Specifies the fully-qualified name of the Java class that provides the Crypt Password Storage Scheme implementation. |
---|---|
Default Value | org.opends.server.extensions.CryptPasswordStorageScheme |
Allowed Values | A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced Property | Yes |
Read-only | No |
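
Because passwords encoded with a previously configured crypt-algorithm stay intact, a directory can hold a mix of encodings long after the setting is changed. The following added example (not part of the OpenDS documentation or code) classifies stored values by algorithm and rounds so that mix can be audited. It assumes values carry a `{CRYPT}` prefix followed by a PAM/glibc-style modular crypt string; the function names, the `configured` and `min_rounds` parameters and the sample entries are constructed for illustration.

```python
import re

# Assumption: values follow the modular crypt format used by PAM/glibc.
MCF_IDS = {"1": "md5", "5": "sha256", "6": "sha512"}
DEFAULT_ROUNDS = 5000  # implied when a SHA crypt string has no rounds= field
UNIX_RE = re.compile(r"[./0-9A-Za-z]{13}")  # 2 salt chars + 11 hash chars
PREFIX = "{CRYPT}"

def classify(stored):
    """Return (algorithm, rounds) for a {CRYPT} value, or None for other schemes."""
    if not stored.upper().startswith(PREFIX):
        return None
    body = stored[len(PREFIX):]
    if UNIX_RE.fullmatch(body):
        return ("unix", None)
    parts = body.split("$")  # "$6$rounds=N$salt$hash" -> ["", "6", "rounds=N", ...]
    if len(parts) < 4 or parts[0] or parts[1] not in MCF_IDS:
        return ("unknown", None)
    algo = MCF_IDS[parts[1]]
    if algo == "md5":
        return (algo, None)  # crypt-rounds applies to SHA-based algorithms only
    if parts[2].startswith("rounds="):
        count = parts[2][len("rounds="):]
        if len(parts) < 5 or not count.isdigit():
            return ("unknown", None)
        return (algo, int(count))
    return (algo, DEFAULT_ROUNDS)

def audit(entries, configured="sha512", min_rounds=DEFAULT_ROUNDS):
    """List (dn, finding) for values not matching the current configuration."""
    findings = []
    for dn, stored in entries:
        result = classify(stored)
        if result is None:
            continue  # not a CRYPT value; another storage scheme handles it
        algo, rounds = result
        if algo != configured:
            findings.append((dn, f"encoded with {algo}, not {configured}"))
        elif rounds is not None and rounds < min_rounds:
            findings.append((dn, f"{algo} rounds={rounds} below {min_rounds}"))
    return findings

# Constructed sample values: correct shape, placeholder salt and hash text.
SAMPLE = [
    ("uid=a,dc=example,dc=com", "{CRYPT}abCONSTRUCTED"),
    ("uid=b,dc=example,dc=com", "{CRYPT}$1$saltsalt$CONSTRUCTED"),
    ("uid=c,dc=example,dc=com", "{CRYPT}$6$rounds=1000$saltsalt$CONSTRUCTED"),
    ("uid=d,dc=example,dc=com", "{CRYPT}$6$saltsalt$CONSTRUCTED"),
]
```

Running `audit(SAMPLE)` reports the unix and md5 entries as encoded with an algorithm other than the configured one, and the third entry as below the minimum round count.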