Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
The Bcrypt Password Storage Scheme provides support for encoding passwords using the Bcrypt key derivation function. The string representation used by this password storage scheme is compatible with the format that OpenBSD uses for Bcrypt-encoded passwords, which has become the de facto string representation for Bcrypt-encoded passwords.
In the past, it was necessary to independently obtain the Bouncy Castle library and place it in the server's lib directory. This is no longer required, as the server ships with the necessary Bouncy Castle library.
This password storage scheme is not supported in servers running in FIPS 140-2-compliant mode.
The Bcrypt Password Storage Scheme component inherits from the Password Storage Scheme
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | None |
| enabled | |
| bcrypt-cost-factor |
| Description | A description for this Password Storage Scheme |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the Password Storage Scheme is enabled for use. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the cost factor to use when encoding passwords with Bcrypt. A higher cost factor requires more processing to generate a password, which makes attacks against the password more expensive. The value must be between 4 and 31, inclusive. Increasing the cost factor by one doubles the amount of processing required to generate the password. |
| Default Value | 10 |
| Allowed Values | An integer value. Lower limit is 4. Upper limit is 31 . |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Password Storage Schemes:
dsconfig list-password-storage-schemes
[--property {propertyName}] ...
To view the configuration for an existing Password Storage Scheme:
dsconfig get-password-storage-scheme-prop
--scheme-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Password Storage Scheme:
dsconfig set-password-storage-scheme-prop
--scheme-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Bcrypt Password Storage Scheme:
dsconfig create-password-storage-scheme
--scheme-name {name}
--type bcrypt
--set enabled:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Password Storage Scheme:
dsconfig delete-password-storage-scheme
--scheme-name {name}