Name

dsconfig create-password-storage-scheme — Creates Password Storage Schemes

Synopsis

dsconfig create-password-storage-scheme {options}

Options

The dsconfig create-password-storage-scheme command takes the following options:

--scheme-name {name}

The name of the new Password Storage Scheme.

Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the {name} you provide.

By default, OpenDJ directory server supports the following Password Storage Scheme types:

aes-password-storage-scheme

Default {name}: AES Password Storage Scheme

Enabled by default: true

See the section called “AES Password Storage Scheme” for the properties of this Password Storage Scheme type.

base64-password-storage-scheme

Default {name}: Base64 Password Storage Scheme

Enabled by default: true

See the section called “Base64 Password Storage Scheme” for the properties of this Password Storage Scheme type.

bcrypt-password-storage-scheme

Default {name}: Bcrypt Password Storage Scheme

Enabled by default: true

See the section called “Bcrypt Password Storage Scheme” for the properties of this Password Storage Scheme type.

blowfish-password-storage-scheme

Default {name}: Blowfish Password Storage Scheme

Enabled by default: true

See the section called “Blowfish Password Storage Scheme” for the properties of this Password Storage Scheme type.

clear-password-storage-scheme

Default {name}: Clear Password Storage Scheme

Enabled by default: true

See the section called “Clear Password Storage Scheme” for the properties of this Password Storage Scheme type.

crypt-password-storage-scheme

Default {name}: Crypt Password Storage Scheme

Enabled by default: true

See the section called “Crypt Password Storage Scheme” for the properties of this Password Storage Scheme type.

md5-password-storage-scheme

Default {name}: MD5 Password Storage Scheme

Enabled by default: true

See the section called “MD5 Password Storage Scheme” for the properties of this Password Storage Scheme type.

pbkdf2-hmac-sha256-password-storage-scheme

Default {name}: PBKDF2 Hmac SHA256 Password Storage Scheme

Enabled by default: true

See the section called “PBKDF2 Hmac SHA256 Password Storage Scheme” for the properties of this Password Storage Scheme type.

pbkdf2-hmac-sha512-password-storage-scheme

Default {name}: PBKDF2 Hmac SHA512 Password Storage Scheme

Enabled by default: true

See the section called “PBKDF2 Hmac SHA512 Password Storage Scheme” for the properties of this Password Storage Scheme type.

pkcs5s2-password-storage-scheme

Default {name}: PKCS5S2 Password Storage Scheme

Enabled by default: true

See the section called “PKCS5S2 Password Storage Scheme” for the properties of this Password Storage Scheme type.

rc4-password-storage-scheme

Default {name}: RC4 Password Storage Scheme

Enabled by default: true

See the section called “RC4 Password Storage Scheme” for the properties of this Password Storage Scheme type.

salted-md5-password-storage-scheme

Default {name}: Salted MD5 Password Storage Scheme

Enabled by default: true

See the section called “Salted MD5 Password Storage Scheme” for the properties of this Password Storage Scheme type.

salted-sha1-password-storage-scheme

Default {name}: Salted SHA1 Password Storage Scheme

Enabled by default: true

See the section called “Salted SHA1 Password Storage Scheme” for the properties of this Password Storage Scheme type.

salted-sha256-password-storage-scheme

Default {name}: Salted SHA256 Password Storage Scheme

Enabled by default: true

See the section called “Salted SHA256 Password Storage Scheme” for the properties of this Password Storage Scheme type.

salted-sha384-password-storage-scheme

Default {name}: Salted SHA384 Password Storage Scheme

Enabled by default: true

See the section called “Salted SHA384 Password Storage Scheme” for the properties of this Password Storage Scheme type.

salted-sha512-password-storage-scheme

Default {name}: Salted SHA512 Password Storage Scheme

Enabled by default: true

See the section called “Salted SHA512 Password Storage Scheme” for the properties of this Password Storage Scheme type.

sha1-password-storage-scheme

Default {name}: SHA1 Password Storage Scheme

Enabled by default: true

See the section called “SHA1 Password Storage Scheme” for the properties of this Password Storage Scheme type.

triple-des-password-storage-scheme

Default {name}: Triple DES Password Storage Scheme

Enabled by default: true

See the section called “Triple DES Password Storage Scheme” for the properties of this Password Storage Scheme type.

--set {PROP:VALUE}

Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it.

Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the --scheme-name {name} option.

-t | --type {type}

The type of Password Storage Scheme which should be created. The value for TYPE can be one of: aes | base64 | bcrypt | blowfish | clear | crypt | custom | md5 | pbkdf2 | pbkdf2-hmac-sha256 | pbkdf2-hmac-sha512 | pkcs5s2 | rc4 | salted-md5 | salted-sha1 | salted-sha256 | salted-sha384 | salted-sha512 | sha1 | triple-des.

Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the {type} you provide.

By default, OpenDJ directory server supports the following Password Storage Scheme types:

aes-password-storage-scheme

Default {type}: AES Password Storage Scheme

Enabled by default: true

See the section called “AES Password Storage Scheme” for the properties of this Password Storage Scheme type.

base64-password-storage-scheme

Default {type}: Base64 Password Storage Scheme

Enabled by default: true

See the section called “Base64 Password Storage Scheme” for the properties of this Password Storage Scheme type.

bcrypt-password-storage-scheme

Default {type}: Bcrypt Password Storage Scheme

Enabled by default: true

See the section called “Bcrypt Password Storage Scheme” for the properties of this Password Storage Scheme type.

blowfish-password-storage-scheme

Default {type}: Blowfish Password Storage Scheme

Enabled by default: true

See the section called “Blowfish Password Storage Scheme” for the properties of this Password Storage Scheme type.

clear-password-storage-scheme

Default {type}: Clear Password Storage Scheme

Enabled by default: true

See the section called “Clear Password Storage Scheme” for the properties of this Password Storage Scheme type.

crypt-password-storage-scheme

Default {type}: Crypt Password Storage Scheme

Enabled by default: true

See the section called “Crypt Password Storage Scheme” for the properties of this Password Storage Scheme type.

md5-password-storage-scheme

Default {type}: MD5 Password Storage Scheme

Enabled by default: true

See the section called “MD5 Password Storage Scheme” for the properties of this Password Storage Scheme type.

pbkdf2-hmac-sha256-password-storage-scheme

Default {type}: PBKDF2 Hmac SHA256 Password Storage Scheme

Enabled by default: true

See the section called “PBKDF2 Hmac SHA256 Password Storage Scheme” for the properties of this Password Storage Scheme type.

pbkdf2-hmac-sha512-password-storage-scheme

Default {type}: PBKDF2 Hmac SHA512 Password Storage Scheme

Enabled by default: true

See the section called “PBKDF2 Hmac SHA512 Password Storage Scheme” for the properties of this Password Storage Scheme type.

pkcs5s2-password-storage-scheme

Default {type}: PKCS5S2 Password Storage Scheme

Enabled by default: true

See the section called “PKCS5S2 Password Storage Scheme” for the properties of this Password Storage Scheme type.

rc4-password-storage-scheme

Default {type}: RC4 Password Storage Scheme

Enabled by default: true

See the section called “RC4 Password Storage Scheme” for the properties of this Password Storage Scheme type.

salted-md5-password-storage-scheme

Default {type}: Salted MD5 Password Storage Scheme

Enabled by default: true

See the section called “Salted MD5 Password Storage Scheme” for the properties of this Password Storage Scheme type.

salted-sha1-password-storage-scheme

Default {type}: Salted SHA1 Password Storage Scheme

Enabled by default: true

See the section called “Salted SHA1 Password Storage Scheme” for the properties of this Password Storage Scheme type.

salted-sha256-password-storage-scheme

Default {type}: Salted SHA256 Password Storage Scheme

Enabled by default: true

See the section called “Salted SHA256 Password Storage Scheme” for the properties of this Password Storage Scheme type.

salted-sha384-password-storage-scheme

Default {type}: Salted SHA384 Password Storage Scheme

Enabled by default: true

See the section called “Salted SHA384 Password Storage Scheme” for the properties of this Password Storage Scheme type.

salted-sha512-password-storage-scheme

Default {type}: Salted SHA512 Password Storage Scheme

Enabled by default: true

See the section called “Salted SHA512 Password Storage Scheme” for the properties of this Password Storage Scheme type.

sha1-password-storage-scheme

Default {type}: SHA1 Password Storage Scheme

Enabled by default: true

See the section called “SHA1 Password Storage Scheme” for the properties of this Password Storage Scheme type.

triple-des-password-storage-scheme

Default {type}: Triple DES Password Storage Scheme

Enabled by default: true

See the section called “Triple DES Password Storage Scheme” for the properties of this Password Storage Scheme type.

Crypt Password Storage Scheme

Password Storage Schemes of type crypt-password-storage-scheme have the following properties:

crypt-password-storage-encryption-algorithm
Description

Specifies the crypt algorithm to use to encrypt new passwords. The value can be "unix", which means the password is encrypted with the weak Unix crypt algorithm; "md5", which means the password is encrypted with the BSD MD5 algorithm and has a $1$ prefix; "sha256", which means the password is encrypted with the SHA256 algorithm and has a $5$ prefix; or "sha512", which means the password is encrypted with the SHA512 algorithm and has a $6$ prefix.

Default Value

unix

Allowed Values

md5

New passwords are encrypted with the BSD MD5 algorithm.

sha256

New passwords are encrypted with the Unix crypt SHA256 algorithm.

sha512

New passwords are encrypted with the Unix crypt SHA512 algorithm.

unix

New passwords are encrypted with the Unix crypt algorithm. Passwords are truncated at 8 characters and the top bit of each character is ignored.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No
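
The following is an added example, not part of the OpenDJ documentation or code. It is a small audit helper that uses the prefixes and the truncation rule described above to classify stored crypt values and to show what the "unix" setting discards. The {CRYPT} tag, the sample DNs and the handling of characters as encoded bytes are assumptions, and the hash strings are constructed placeholders.

```python
import re

# Prefixes from the property description; the "unix" algorithm has none.
PREFIXES = {"$1$": "md5", "$5$": "sha256", "$6$": "sha512"}
# Traditional crypt output: 2 salt + 11 hash characters from [./0-9A-Za-z].
UNIX_RE = re.compile(r"[./0-9A-Za-z]{13}")
SCHEME_TAG = "{CRYPT}"  # assumption: tag in front of the stored value


def classify(stored: str) -> str:
    """Return the crypt algorithm a stored value implies, or 'unknown'."""
    value = stored
    if value.upper().startswith(SCHEME_TAG):
        value = value[len(SCHEME_TAG):]
    for prefix, algorithm in PREFIXES.items():
        if value.startswith(prefix):
            return algorithm
    return "unix" if UNIX_RE.fullmatch(value) else "unknown"


def unix_effective_key(password: str, encoding: str = "utf-8") -> bytes:
    """Key material "unix" keeps: first 8 bytes, top bit of each cleared.

    Treating "characters" as encoded bytes is an assumption of this example.
    """
    return bytes(b & 0x7F for b in password.encode(encoding)[:8])


def audit(entries, weak=("unix",)):
    """Return [(dn, algorithm)] for entries stored with a weak algorithm."""
    flagged = []
    for dn, stored in entries:
        algorithm = classify(stored)
        if algorithm in weak:
            flagged.append((dn, algorithm))
    return flagged


# Constructed sample data: placeholder strings, not real password hashes.
SAMPLE = [
    ("uid=alice,ou=people,dc=example,dc=com", "{CRYPT}$6$examplesalt$" + "A" * 86),
    ("uid=bob,ou=people,dc=example,dc=com", "{CRYPT}abCDEFGHIJKLM"),
    ("uid=carol,ou=people,dc=example,dc=com", "{CRYPT}$1$examples$" + "B" * 22),
]

if __name__ == "__main__":
    for dn, algorithm in audit(SAMPLE):
        print(f"{dn}: stored with weak '{algorithm}' crypt")
    # Two different passwords that "unix" cannot tell apart:
    print(unix_effective_key("Tr0ub4dor&3") == unix_effective_key("Tr0ub4do-other"))
```

Because "unix" is the default value of this property, entries flagged by such a check are candidates for re-hashing under a scheme configured with "sha256" or "sha512".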

enabled
Description

Indicates whether the Password Storage Scheme is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the Crypt Password Storage Scheme implementation.

Default Value

org.opends.server.extensions.CryptPasswordStorageScheme

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No