Note: this component has a complexity level of "expert", which means that objects of this type are not expected to be created or altered. Please contact support for assistance if you believe that you have a need to create or modify this type of object.
The SHA1 Password Storage Scheme provides a mechanism for encoding user passwords using an unsalted form of the SHA-1 message digest algorithm. Because the implementation does not use any kind of salting mechanism, a given password always has the same encoded form.
NOTE: Although the SHA-1 message digest algorithm is not necessarily considered insecure, attacks against this digest have identified weaknesses and it is not recommended for use in new deployments. Rather, a stronger algorithm (e.g., one based on one of the 256-bit, 384-bit, or 512-bit SHA-2 variants, or one using a resource-intensive algorithm like PBKDF2, Bcrypt, or scrypt) should be selected. If you are migrating data that contains passwords encoded with the SHA-1 digest, you may wish to update all relevant password policies to mark this scheme as deprecated so that any user with a password encoded with this scheme will have their password automatically re-encoded whenever they successfully authenticate to the server.
This scheme contains only an implementation for the user password syntax, with a storage scheme name of "SHA".
↓Parent Component
↓Properties
↓dsconfig Usage
The SHA1 Password Storage Scheme component inherits from the Password Storage Scheme
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
↓ description | None |
↓ enabled |
Description | A description for this Password Storage Scheme |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | Indicates whether the SHA1 Password Storage Scheme is enabled for use. |
Default Value | None |
Allowed Values | true false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | Although the SHA-1 message digest algorithm is not necessarily considered insecure, attacks against this digest have identified weaknesses and it is not recommended for use in new deployments. Rather, a stronger algorithm (e.g., one based on one of the 256-bit, 384-bit, or 512-bit SHA-2 variants, or one using a resource-intensive algorithm like PBKDF2, Bcrypt, or scrypt) should be selected. If you are migrating data that contains passwords encoded with the SHA-1 digest, you may wish to update all relevant password policies to mark this scheme as deprecated so that any user with a password encoded with this scheme will have their password automatically re-encoded whenever they successfully authenticate to the server. |
To list the configured Password Storage Schemes:
dsconfig list-password-storage-schemes [--property {propertyName}] ...
To view the configuration for an existing Password Storage Scheme:
dsconfig get-password-storage-scheme-prop --scheme-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Password Storage Scheme:
dsconfig set-password-storage-scheme-prop --scheme-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...