Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
The Bcrypt Password Storage Scheme provides support for encoding passwords using the Bcrypt key derivation function. The string representation used by this password storage scheme is compatible with the format that OpenBSD uses for Bcrypt-encoded passwords, which has become the de facto string representation for Bcrypt-encoded passwords.
This password storage scheme implementation requires the Bouncy Castle JCE provider, which is not included with the Directory Server in order to simplify compliance with United States export control restrictions imposed on the distribution of cryptographic functionality. If you wish to use this feature, you must first obtain the necessary library from the Bouncy Castle website (https://bouncycastle.org/). This implementation has been compiled and tested with version 1.64 of the library, available in file https://www.bouncycastle.org/download/bcprov-jdk15on-164.jar. This file should be placed in the "lib" directory beneath the server install root. The server will need to be restarted for this library to be available for use.
The Bcrypt Password Storage Scheme component inherits from the Password Storage Scheme.
The properties supported by this managed object are as follows:
Basic Properties | Advanced Properties |
---|---|
description | None |
enabled | |
bcrypt-cost-factor | |

Property | description |
Description | A description for this Password Storage Scheme |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |

Property | enabled |
Description | Indicates whether the Bcrypt Password Storage Scheme is enabled for use. |
Default Value | None |
Allowed Values | true, false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | This password storage scheme implementation requires the Bouncy Castle JCE provider, which is not included with the Directory Server in order to simplify compliance with United States export control restrictions imposed on the distribution of cryptographic functionality. If you wish to use this feature, you must first obtain the necessary library from the Bouncy Castle website (https://bouncycastle.org/). This implementation has been compiled and tested with version 1.64 of the library, available in file https://www.bouncycastle.org/download/bcprov-jdk15on-164.jar. This file should be placed in the "lib" directory beneath the server install root. The server will need to be restarted for this library to be available for use. |

Property | bcrypt-cost-factor |
Description | Specifies the cost factor to use when encoding passwords with Bcrypt. A higher cost factor requires more processing to generate a password, which makes attacks against the password more expensive. The value must be between 4 and 31, inclusive. Increasing the cost factor by one doubles the amount of processing required to generate the password. |
Default Value | 10 |
Allowed Values | An integer value. Lower limit is 4. Upper limit is 31. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
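
The OpenBSD-format string records the cost factor in the encoded value itself, so stored values can be checked against a target cost. The following is an added example, not part of the product or its documentation: it parses such strings and reports those below a target, using the doubling rule described above. The optional "{SCHEME}" tag handling, the entry labels and the sample values are assumptions constructed for illustration.

```python
import re

# OpenBSD-style string: $2<variant>$<2-digit cost>$<22-char salt><31-char hash>
BCRYPT_RE = re.compile(
    r"^\$2([abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")
# Assumption: stored values may carry a "{SCHEME}" tag in front of the string.
SCHEME_TAG_RE = re.compile(r"^\{[^}]+\}")
MIN_COST, MAX_COST = 4, 31  # range documented for bcrypt-cost-factor

def parse_bcrypt(encoded):
    """Return (variant, cost, salt, digest); raise ValueError if malformed."""
    m = BCRYPT_RE.match(SCHEME_TAG_RE.sub("", encoded.strip()))
    if not m:
        raise ValueError("not an OpenBSD-format bcrypt string")
    cost = int(m.group(2))
    if not MIN_COST <= cost <= MAX_COST:
        raise ValueError(f"cost factor {cost} outside {MIN_COST}..{MAX_COST}")
    return "2" + m.group(1), cost, m.group(3), m.group(4)

def relative_work(cost, baseline):
    """Each +1 in cost doubles the work, so the ratio is 2^(cost - baseline)."""
    return 2.0 ** (cost - baseline)

def audit(entries, target_cost):
    """Return (label, status, detail) for values below target_cost or invalid."""
    findings = []
    for label, encoded in entries:
        try:
            cost = parse_bcrypt(encoded)[1]
        except ValueError as exc:
            findings.append((label, "invalid", str(exc)))
            continue
        if cost < target_cost:
            findings.append((label, "below-target",
                             f"cost {cost}: {relative_work(target_cost, cost):g}x "
                             f"less work than cost {target_cost}"))
    return findings

# Constructed sample values (placeholder salt/hash text, not real password hashes).
SALT, DIGEST = "abcdefghijklmnopqrstuv", "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"
SAMPLES = [
    ("uid=alice", "{BCRYPT}$2y$10$" + SALT + DIGEST),
    ("uid=bob", "$2a$06$" + SALT + DIGEST),
    ("uid=carol", "$2b$12$" + SALT + DIGEST),
    ("uid=dave", "$2a$03$" + SALT + DIGEST),
]

if __name__ == "__main__":
    for finding in audit(SAMPLES, target_cost=12):
        print(*finding, sep="\t")
```
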
To list the configured Password Storage Schemes:
dsconfig list-password-storage-schemes [--property {propertyName}] ...
To view the configuration for an existing Password Storage Scheme:
dsconfig get-password-storage-scheme-prop --scheme-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Password Storage Scheme:
dsconfig set-password-storage-scheme-prop --scheme-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Bcrypt Password Storage Scheme:
dsconfig create-password-storage-scheme --scheme-name {name} --type bcrypt --set enabled:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing Password Storage Scheme:
dsconfig delete-password-storage-scheme --scheme-name {name}