GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
SLAPD-PW-SHA2(5) FreeBSD File Formats Manual SLAPD-PW-SHA2(5)

slapd-pw-sha2 - SHA-2 password module to slapd

ETCDIR/slapd.conf

moduleload pw-sha2

The pw-sha2 module to slapd(8) provides support for the use of SSHA-512, SSHA-384, SSHA-256, SHA-512, SHA-384 and SHA-256 from the SHA-2 family (FIPS 180-2) of hash functions in hashed passwords in OpenLDAP.

It does so by providing the following additional password schemes for use in slapd:

{SSHA256}
SHA-256 with salt, giving hash values of 256 bits length
{SHA256}
plain SHA-256 giving hash values of 256 bits length
{SSHA384}
SHA-384 with salt, giving hash values of 384 bits length
{SHA384}
plain SHA-384 giving hash values of 384 bits length
{SSHA512}
SHA-512 with salt, giving hash values of 512 bits length
{SHA512}
plain SHA-512 giving hash values of 512 bits length

The pw-sha2 module does not need any configuration.

After loading the module, the password schemes {SSHA256}, {SSHA384}, {SSHA512}, {SSHA256}, {SHA384}, and {SHA512} will be recognised in values of the userPassword attribute.

You can then instruct OpenLDAP to use these schemes when processing the LDAPv3 Password Modify (RFC 3062) extended operations by using the password-hash option in slapd.conf(5).

If you want to use the schemes described here with slappasswd(8), don't forget to load the module using its command line options. The relevant option/value is:

-o module-load=pw-sha2

Depending on pw-sha2's location, you may also need:

-o module-path=pathspec

All of the userPassword LDAP attributes below encode the password 'secret'. 
userPassword: {SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cmW192CF5bDufKRpayrW/isg==

userPassword: {SHA384}WKd1ukESvjAFrkQHznV9iP2nHUBJe7gCbsrFTU4//HIyzo3jq1rLMK45dg/ufFPt

userPassword: {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=

To make {SSHA512} the password hash used in Password Modify extended operations, simply set this line in slapd.conf(5):

password-hash   {SSHA512}

slapd.conf(5), ldappasswd(1), slappasswd(8), ldap(3),

"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)

This manual page has been written by Peter Marschall based on the module's README file written by Jeff Turner.

OpenLDAP is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). OpenLDAP is derived from University of Michigan LDAP 3.3 Release.

RELEASEDATE OpenLDAP LDVERSION
Search for    or go to Top of page |  Section 5 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.