Directory Services 7.4.3

SCRAM-SHA-256 SASL Mechanism Handler

The SCRAM-SHA-256 SASL mechanism performs all processing related to SASL SCRAM-SHA-256 authentication.

The SCRAM-SHA-256 SASL mechanism is defined in RFCs 5802 and 7677 and replaces the deprecated CRAM-MD5 and DIGEST-MD5 mechanisms. It is a cost-based password authentication approach, similar to PBKDF2, with the important difference that the computational effort is delegated to the client applications. This mechanism can only be used in conjunction with the SCRAM-SHA-256 password storage scheme.

Parent

The SCRAM-SHA-256 SASL Mechanism Handler object inherits from SASL Mechanism Handler.

Dependencies

SCRAM-SHA-256 SASL Mechanism Handlers depend on the following objects:

SCRAM-SHA-256 SASL Mechanism Handler properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties Advanced Properties

enabled
identity-mapper

java-class

Basic properties

Use the --advanced option to access advanced properties.

enabled

Synopsis

Indicates whether the SASL mechanism handler is enabled for use.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

identity-mapper

Synopsis

Specifies the name(s) of the identity mappers that are to be used with this SASL mechanism handler for matching the authentication or authorization ID included in SASL bind requests with users in the directory.

Default value

None

Allowed values

The name of an existing identity-mapper.

The referenced identity mapper(s) must be enabled when the SCRAM-SHA-256 SASL Mechanism Handler is enabled.

Multi-valued

Yes

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

Advanced properties

Use the --advanced option to access advanced properties.

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation.

Default value

org.opends.server.extensions.ScramSha256SASLMechanismHandler

Allowed values

A Java class that extends or implements:

  • org.opends.server.api.SASLMechanismHandler

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

Copyright © 2010-2024 ForgeRock, all rights reserved.