Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
The Salted MD5 Password Storage Scheme provides a mechanism for encoding user passwords using a salted form of the MD5 message digest algorithm.
NOTE: The Salted MD5 Password Storage Scheme is considered insecure and is not recommended for use in production deployments unless you are migrating data that contains password encoded in this format. In such cases, it is highly recommended that it also be configured as a deprecated password storage scheme in all relevant password policies so that users with passwords encoded in this format will automatically have those passwords re-encoded whenever they use them to authenticate to the server.
This scheme contains an implementation for the user password syntax, with a storage scheme name of "SMD5", and an implementation of the auth password syntax, with a storage scheme name of "MD5". Although the MD5 digest algorithm is relatively secure, recent cryptanalysis work has identified mechanisms for generating MD5 collisions. This does not impact the security of this algorithm as it is used in the Directory Server, but it is recommended that the MD5 password storage scheme only be used if client applications require it for compatibility purposes, and that a stronger digest like SSHA or SSHA256 be used for environments in which MD5 support is not required.
The Salted MD5 Password Storage Scheme component inherits from the Password Storage Scheme
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
description | None |
enabled | |
salt-length-bytes |
Description | A description for this Password Storage Scheme |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | Indicates whether the Salted MD5 Password Storage Scheme is enabled for use. |
Default Value | None |
Allowed Values | true false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | This Salted MD5 Password Storage Scheme scheme is considered insecure and is not recommended for use in production deployments unless you are migrating data that contains password encoded in this format. In such cases, it is highly recommended that it also be configured as a deprecated password storage scheme in all relevant password policies so that users with passwords encoded in this format will automatically have those passwords re-encoded whenever they use them to authenticate to the server. |
Description | Specifies the number of bytes to use for the generated salt. |
Default Value | 8 |
Allowed Values | An integer value. Lower limit is 1. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured Password Storage Schemes:
dsconfig list-password-storage-schemes [--property {propertyName}] ...
To view the configuration for an existing Password Storage Scheme:
dsconfig get-password-storage-scheme-prop --scheme-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Password Storage Scheme:
dsconfig set-password-storage-scheme-prop --scheme-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...