Overview

The authentication password syntax defines a standard method for encoding a user password for storage in the server, ideally in a manner that makes it difficult or impossible to determine the clear-text value of that password.
The authentication password syntax is described in RFC 3112, which defines the "authPassword" AttributeType and a corresponding "authPasswordObject" auxiliary object class that will allow the use of that attribute.
The basic form of a password encoded using the authentication password syntax is:
where scheme is the name of the scheme used to encode the value, authInfo is some kind of modifier (for example, a salt) used in the encoding process, and authValue is the encoded password information. For example, the value "SHA1$RzqH67DY3uQ=$atAcDs1eS+IJwPy7V4UDXEoBrDI=" is encoded using the authentication password syntax (the scheme is "SHA1", the authInfo element is "RzqH67DY3uQ=", and the authValue element is "atAcDs1eS+IJwPy7V4UDXEoBrDI=").
The authentication password schemes supported by OpenDS include:
- MD5 -- Uses the MD5 message digest.
- SHA-1 -- Uses the SHA-1 variant of the Secure Hash Algorithm.
- SHA256 -- Uses the 256-bit SHA-2 variant of the Secure Hash Algorithm.
- SHA384 -- Uses the 384-bit SHA-2 variant of the Secure Hash Algorithm.
- SHA512 -- Uses the 512-bit SHA-2 variant of the Secure Hash Algorithm.
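The following Python sketch parses and verifies values in the scheme$authInfo$authValue form shown above. It is an added example, not code from OpenDS or RFC 3112. It assumes that authInfo is a base64-encoded salt and that authValue is the base64-encoded digest of the password bytes followed by the salt; the function names and the 8-byte salt length are choices made for this example.

```python
import base64
import hashlib
import hmac
import os

# Scheme names as they appear in stored values (the page's example uses "SHA1").
DIGESTS = {"MD5": hashlib.md5, "SHA1": hashlib.sha1, "SHA256": hashlib.sha256,
           "SHA384": hashlib.sha384, "SHA512": hashlib.sha512}


def parse_auth_password(value):
    """Split scheme$authInfo$authValue and decode both base64 fields."""
    parts = [p.strip() for p in value.split("$")]
    if len(parts) != 3:
        raise ValueError("expected exactly three '$'-separated fields")
    scheme, auth_info, auth_value = parts
    if scheme not in DIGESTS:
        raise ValueError("unsupported scheme: %r" % scheme)
    salt = base64.b64decode(auth_info, validate=True)
    digest = base64.b64decode(auth_value, validate=True)
    # A digest of the wrong size cannot belong to the named scheme.
    if len(digest) != DIGESTS[scheme]().digest_size:
        raise ValueError("authValue length does not match scheme digest size")
    return scheme, salt, digest


def encode_auth_password(scheme, password, salt=None):
    """Assumption: authValue = H(password || salt), fresh 8-byte random salt."""
    salt = os.urandom(8) if salt is None else salt
    digest = DIGESTS[scheme](password.encode("utf-8") + salt).digest()
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    return "%s$%s$%s" % (scheme, b64(salt), b64(digest))


def verify_auth_password(stored, candidate):
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        scheme, salt, digest = parse_auth_password(stored)
    except ValueError:
        return False  # malformed or unknown-scheme values never authenticate
    recomputed = DIGESTS[scheme](candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(recomputed, digest)
```

Parsing the example value from this page yields an 8-byte authInfo and a 20-byte authValue, which matches the SHA-1 digest size.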