PBKDF2-HMAC-SHA256 Password Storage Scheme

Synopsis

Indicates whether the Password Storage Scheme is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced

No

Read-Only

No

Synopsis

The number of algorithm iterations to make.

Description

By default, changes to this setting impact only newly created and updated passwords. However, if the rehash-policy is set to always or only-increase, it causes the server to recalculate each user’s password hash on their next authentication, and write the new hash to the user’s entry on disk. Changing the number of iterations therefore leads to a short-term spike in CPU and disk use as the server updates each user’s password when they next authenticate. Longer term, increasing this settings results in more secure passwords at the expense of longer response times and lower throughput.

Default Value

10000

Allowed Values

An integer.

Lower limit: 1.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced

No

Read-Only

No

Synopsis

Indicates whether the server should rehash passwords after the cost has been changed.

Description

Passwords will be rehashed when a user successfully authenticates. Note that rehashing will increase the write load on the server.

Default Value

never

Allowed Values

Multi-valued

No

Required

No

Admin Action Required

None

Advanced

No

Read-Only

No

Synopsis

Specifies the fully-qualified name of the Java class that provides the PBKDF2-HMAC-SHA256 Password Storage Scheme implementation.

Default Value

org.opends.server.extensions.PBKDF2HmacSHA256PasswordStorageScheme

Allowed Values

A Java class that extends or implements:

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced

Yes

Read-Only

No