Overview

The authentication password syntax defines a standard method for encoding a user password for storage in the server, ideally in a manner that makes it difficult or impossible to determine the clear-text value of that password.

The authentication password syntax is described in RFC 3112, which defines the "authPassword" AttributeType and a corresponding "authPasswordObject" auxiliary object class that will allow the use of that attribute.

The basic form of a password encoded using the authentication password syntax is:

scheme$authInfo$authValue

where scheme is the name of the scheme used to encode the value, authInfo is some kind of modifier (for example, a salt) used in the encoding process, and authValue is the encoded password information. For example, the value "SHA1$RzqH67DY3uQ=$atAcDs1eS+IJwPy7V4UDXEoBrDI=" is encoded using the authentication password syntax: the scheme is "SHA1", the authInfo element is "RzqH67DY3uQ=", and the authValue element is "atAcDs1eS+IJwPy7V4UDXEoBrDI=".

The authentication password schemes supported by OpenDS include:

  • MD5 -- Uses the MD5 message digest.
  • SHA-1 -- Uses the SHA-1 variant of the Secure Hash Algorithm.
  • SHA256 -- Uses the 256-bit SHA-2 variant of the Secure Hash Algorithm.
  • SHA384 -- Uses the 384-bit SHA-2 variant of the Secure Hash Algorithm.
  • SHA512 -- Uses the 512-bit SHA-2 variant of the Secure Hash Algorithm.
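The following parser and verifier for the scheme$authInfo$authValue form is an added example, not code from OpenDS or from the original page. The function names are hypothetical. It assumes authInfo is a base64 salt and authValue is the base64 digest of the password followed by the salt, which is the construction RFC 3112 gives for its MD5 and SHA1 schemes and is assumed here for the SHA-2 schemes as well.

```python
import base64
import binascii
import hashlib
import hmac
import os

# Scheme name -> hashlib algorithm. "SHA1" is the spelling in the page's example value.
SCHEMES = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256",
           "SHA384": "sha384", "SHA512": "sha512"}


def parse_auth_password(value):
    """Split scheme$authInfo$authValue and return (scheme, salt, digest)."""
    parts = value.strip().split("$")
    if len(parts) != 3:
        raise ValueError("expected scheme$authInfo$authValue")
    scheme, auth_info, auth_value = parts
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: %r" % scheme)
    try:
        salt = base64.b64decode(auth_info, validate=True)
        digest = base64.b64decode(auth_value, validate=True)
    except binascii.Error as exc:
        raise ValueError("authInfo/authValue is not valid base64") from exc
    # Reject values whose digest length cannot belong to the named scheme.
    expected = hashlib.new(SCHEMES[scheme]).digest_size
    if len(digest) != expected:
        raise ValueError("authValue is %d bytes, %s needs %d"
                         % (len(digest), scheme, expected))
    return scheme, salt, digest


def encode_auth_password(scheme, password, salt=None):
    """Encode password (bytes); assumption: digest(password || salt), 8-byte salt."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.new(SCHEMES[scheme], password + salt).digest()
    return "$".join([scheme, base64.b64encode(salt).decode(),
                     base64.b64encode(digest).decode()])


def verify_auth_password(stored, candidate):
    """Recompute the digest for candidate (bytes) and compare in constant time."""
    scheme, salt, digest = parse_auth_password(stored)
    computed = hashlib.new(SCHEMES[scheme], candidate + salt).digest()
    return hmac.compare_digest(computed, digest)
```

Parsing the example value above yields an 8-byte salt and a 20-byte digest, which matches the SHA-1 output size.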

This page (revision-12) was last changed on 15-Apr-2015 16:52 by jim