Note: this component has a complexity level of "expert", which means that objects of this type are not expected to be created or altered. Please contact UnboundID support for assistance if you believe that you have a need to create or modify this type of object.
The Salted SHA1 Password Storage Scheme provides a mechanism for encoding user passwords using a salted form of the SHA-1 message digest algorithm.
NOTE: Although the SHA-1 message digest algorithm is not necessarily considered insecure, attacks against this digest have identified weaknesses and it is not recommended for use in new deployments. Rather, a stronger algorithm (e.g., one based on one of the 256-bit, 384-bit, or 512-bit SHA-2 variants, or one using a resource-intensive algorithm like PBKDF2, Bcrypt, or scrypt) should be selected. If you are migrating data that contains passwords encoded with the SHA-1 digest, you may wish to update all relevant password policies to mark this scheme as deprecated so that any user with a password encoded with this scheme will have their password automatically re-encoded whenever they successfully authenticate to the server.
This scheme contains an implementation for the user password syntax, with a storage scheme name of "SSHA", and an implementation of the auth password syntax, with a storage scheme name of "SHA1".
↓Parent Component
↓Properties
↓dsconfig Usage
The Salted SHA1 Password Storage Scheme component inherits from the Password Storage Scheme
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
↓ description | None |
↓ enabled | |
↓ salt-length-bytes |
Description | A description for this Password Storage Scheme |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | Indicates whether the Salted SHA1 Password Storage Scheme is enabled for use. |
Default Value | None |
Allowed Values | true false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | Although the SHA-1 message digest algorithm is not necessarily considered insecure, attacks against this digest have identified weaknesses and it is not recommended for use in new deployments. Rather, a stronger algorithm (e.g., one based on one of the 256-bit, 384-bit, or 512-bit SHA-2 variants, or one using a resource-intensive algorithm like PBKDF2, Bcrypt, or scrypt) should be selected. If you are migrating data that contains passwords encoded with the SHA-1 digest, you may wish to update all relevant password policies to mark this scheme as deprecated so that any user with a password encoded with this scheme will have their password automatically re-encoded whenever they successfully authenticate to the server. |
Description | Specifies the number of bytes to use for the generated salt. |
Default Value | 8 |
Allowed Values | An integer value. Lower limit is 1. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured Password Storage Schemes:
dsconfig list-password-storage-schemes [--property {propertyName}] ...
To view the configuration for an existing Password Storage Scheme:
dsconfig get-password-storage-scheme-prop --scheme-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Password Storage Scheme:
dsconfig set-password-storage-scheme-prop --scheme-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...