Bcrypt Password Storage Scheme

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.

The Bcrypt Password Storage Scheme provides support for encoding passwords using the Bcrypt key derivation function. The string representation used by this password storage scheme is compatible with the format that OpenBSD uses for Bcrypt-encoded passwords, which has become the de facto string representation for Bcrypt-encoded passwords.

In the past, it was necessary to independently obtain the Bouncy Castle library and place it in the server's lib directory. This is no longer required, as the server ships with the necessary Bouncy Castle library.
This password storage scheme is not supported in servers running in FIPS 140-2-compliant mode.


Parent Component

The Bcrypt Password Storage Scheme component inherits from the Password Storage Scheme component.

Properties

The properties supported by this managed object are as follows:


Basic Properties:
 description
 enabled
 bcrypt-cost-factor

Advanced Properties:
 None

Basic Properties

description

Description
A description for this Password Storage Scheme
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether the Password Storage Scheme is enabled for use.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

bcrypt-cost-factor

Description
Specifies the cost factor to use when encoding passwords with Bcrypt. A higher cost factor requires more processing to generate a password, which makes attacks against the password more expensive. The value must be between 4 and 31, inclusive. Increasing the cost factor by one doubles the amount of processing required to generate the password.
Default Value
10
Allowed Values
An integer value. Lower limit is 4. Upper limit is 31.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action
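
The following is an added example, not part of the product documentation or the server's own code: a small auditor that parses OpenBSD-format Bcrypt strings and reports values encoded below a target cost factor, using the doubling rule described above. The sample values are constructed, and the optional {BCRYPT} scheme tag and all function names are assumptions made for illustration.

```python
import re

# OpenBSD-style layout: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"(?:\{[A-Za-z0-9-]+\})?"        # optional LDAP-style scheme tag (assumed)
    r"\$(2[abxy]?)\$(\d{2})\$"
    r"([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)
MIN_COST, MAX_COST = 4, 31           # limits stated for bcrypt-cost-factor


def parse_bcrypt(encoded):
    """Return (variant, cost, salt, digest) or raise ValueError."""
    m = BCRYPT_RE.fullmatch(encoded.strip())
    if not m:
        raise ValueError("not an OpenBSD-format bcrypt string")
    cost = int(m.group(2))
    if not MIN_COST <= cost <= MAX_COST:
        raise ValueError(f"cost {cost} outside {MIN_COST}..{MAX_COST}")
    return m.group(1), cost, m.group(3), m.group(4)


def audit(encoded_values, target_cost=10):
    """List (index, status, detail) for values that are invalid or below target_cost."""
    findings = []
    for i, value in enumerate(encoded_values):
        try:
            _, cost, _, _ = parse_bcrypt(value)
        except ValueError as exc:
            findings.append((i, "invalid", str(exc)))
            continue
        if cost < target_cost:
            # Each step of the cost factor doubles the work, so the gap is 2**difference.
            factor = 2 ** (target_cost - cost)
            findings.append((i, "weak", f"cost {cost} is {factor}x cheaper than cost {target_cost}"))
    return findings


# Constructed sample values (not real password hashes).
_BODY = "a" * 22 + "B" * 31
SAMPLES = [
    "$2a$12$" + _BODY,               # already at the target used below
    "{BCRYPT}$2y$10$" + _BODY,       # default cost, with an assumed scheme tag
    "$2b$03$" + _BODY,               # below the allowed minimum of 4
    "$2a$08$" + _BODY[:-1],          # truncated digest
]

if __name__ == "__main__":
    for finding in audit(SAMPLES, target_cost=12):
        print(finding)
```

Values reported as weak were encoded under a lower cost factor than the target, so each guess against them costs an attacker proportionally less work.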


dsconfig Usage

To list the configured Password Storage Schemes:

dsconfig list-password-storage-schemes
     [--property {propertyName}] ...

To view the configuration for an existing Password Storage Scheme:

dsconfig get-password-storage-scheme-prop
     --scheme-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Password Storage Scheme:

dsconfig set-password-storage-scheme-prop
     --scheme-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Bcrypt Password Storage Scheme:

dsconfig create-password-storage-scheme
     --scheme-name {name}
     --type bcrypt
     --set enabled:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Password Storage Scheme:

dsconfig delete-password-storage-scheme
     --scheme-name {name}