SCRAM-SHA-256 SASL Mechanism Handler
The SCRAM-SHA-256 SASL mechanism performs all processing related to SASL SCRAM-SHA-256 authentication.
The SCRAM-SHA-256 SASL mechanism is defined in RFCs 5802 and 7677 and replaces the deprecated CRAM-MD5 and DIGEST-MD5 mechanisms. It is a cost-based password authentication approach, similar to PBKDF2, with the important difference that the computational effort is delegated to the client applications. This mechanism can only be used in conjunction with the SCRAM-SHA-256 password storage scheme.
Parent
The SCRAM-SHA-256 SASL Mechanism Handler object inherits from SASL Mechanism Handler.
SCRAM-SHA-256 SASL Mechanism Handler Properties
You can use configuration expressions to set property values at startup time. For details, see Property Value Substitution.
Basic Properties | Advanced Properties |
---|---|
enabled
Synopsis |
Indicates whether the SASL mechanism handler is enabled for use. |
Default Value |
None |
Allowed Values |
true false |
Multi-valued |
No |
Required |
Yes |
Admin Action Required |
None |
Advanced |
No |
Read-Only |
No |
identity-mapper
Synopsis |
Specifies the name(s) of the identity mappers that are to be used with this SASL mechanism handler for matching the authentication or authorization ID included in SASL bind requests with users in the directory. |
Default Value |
None |
Allowed Values |
The name of an existing identity-mapper. The referenced identity mapper(s) must be enabled when the SCRAM-SHA-256 SASL Mechanism Handler is enabled. |
Multi-valued |
Yes |
Required |
Yes |
Admin Action Required |
None |
Advanced |
No |
Read-Only |
No |
Advanced Properties
Use the --advanced
option to access advanced properties.
java-class
Synopsis |
Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. |
Default Value |
org.opends.server.extensions.ScramSha256SASLMechanismHandler |
Allowed Values |
A Java class that extends or implements:
|
Multi-valued |
No |
Required |
Yes |
Admin Action Required |
The object must be disabled and re-enabled for changes to take effect. |
Advanced |
Yes |
Read-Only |
No |