SLAPD-PW-SHA2(5)	      File Formats Manual	      SLAPD-PW-SHA2(5)

NAME
       slapd-pw-sha2 - SHA-2 password module to slapd

SYNOPSIS
       ETCDIR/slapd.conf

	      moduleload pw-sha2

DESCRIPTION
       The pw-sha2 module to slapd(8) provides support for the use of
       SSHA-512, SSHA-384, SSHA-256, SHA-512, SHA-384 and SHA-256 from the
       SHA-2 family (FIPS 180-2) of hash functions in hashed passwords in
       OpenLDAP.

       It does so by providing the following additional password schemes for
       use in slapd:

              {SSHA256}
                     SHA-256 with salt, giving hash values of 256 bits length

              {SHA256}
                     plain SHA-256 giving hash values of 256 bits length

              {SSHA384}
                     SHA-384 with salt, giving hash values of 384 bits length

              {SHA384}
                     plain SHA-384 giving hash values of 384 bits length

              {SSHA512}
                     SHA-512 with salt, giving hash values of 512 bits length

              {SHA512}
                     plain SHA-512 giving hash values of 512 bits length

CONFIGURATION
       The pw-sha2 module does not need any configuration.

       After loading the module, the password schemes {SSHA256}, {SSHA384},
       {SSHA512}, {SHA256}, {SHA384}, and {SHA512} will be recognised in
       values of the userPassword attribute.

       You can then instruct OpenLDAP to use these schemes when processing the
       LDAPv3 Password Modify (RFC 3062) extended operations by using the
       password-hash option in slapd.conf(5).

NOTES
       If you want to use the schemes described here with slappasswd(8), don't
       forget to load the module using its command line options.  The relevant
       option/value is:

	      -o module-load=pw-sha2

       Depending on pw-sha2's location, you may also need:

	      -o module-path=pathspec

EXAMPLES
       All of the userPassword LDAP attributes below encode the password
       'secret'.

       userPassword: {SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cmW192CF5bDufKRpayrW/isg==

       userPassword: {SHA384}WKd1ukESvjAFrkQHznV9iP2nHUBJe7gCbsrFTU4//HIyzo3jq1rLMK45dg/ufFPt

       userPassword: {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=

       To make {SSHA512} the password hash used in Password Modify extended
       operations, simply set this line in slapd.conf(5):

       password-hash   {SSHA512}
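
       The following Python sketch is an added example, not part of the
       module or of the original manual page. It parses and checks
       userPassword values in the six schemes and lists the unsalted ones.
       It assumes the salted layout base64(digest(password + salt) + salt)
       and an 8-byte salt on generation; neither detail is stated on this
       page, and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

# scheme -> (hashlib algorithm, digest length in bytes, salted?)
SCHEMES = {
    "{SHA256}": ("sha256", 32, False), "{SSHA256}": ("sha256", 32, True),
    "{SHA384}": ("sha384", 48, False), "{SSHA384}": ("sha384", 48, True),
    "{SHA512}": ("sha512", 64, False), "{SSHA512}": ("sha512", 64, True),
}
SALT_LEN = 8  # assumption: salt size used when generating a new value
# Taken from the EXAMPLES section above; encodes the password 'secret'.
PAGE_SHA256 = "{SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols="


def parse(value):
    """Split '{SCHEME}base64' into (algorithm, digest, salt, salted)."""
    end = value.find("}")
    scheme = value[:end + 1].upper()
    if scheme not in SCHEMES:
        raise ValueError("not a pw-sha2 scheme: %r" % value[:12])
    algo, dlen, salted = SCHEMES[scheme]
    raw = base64.b64decode(value[end + 1:], validate=True)
    if (salted and len(raw) <= dlen) or (not salted and len(raw) != dlen):
        raise ValueError("wrong payload length for " + scheme)
    return algo, raw[:dlen], raw[dlen:], salted


def verify(value, password):
    """Recompute the digest over password + stored salt and compare."""
    algo, digest, salt, _ = parse(value)
    calc = hashlib.new(algo, password.encode() + salt).digest()
    return hmac.compare_digest(calc, digest)  # constant-time comparison


def make(scheme, password, salt=None):
    """Build a userPassword value; salted schemes get a random salt."""
    algo, _, salted = SCHEMES[scheme]
    if salted and salt is None:
        salt = os.urandom(SALT_LEN)
    salt = salt if salted else b""  # unsalted schemes ignore any salt
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return scheme + base64.b64encode(digest + salt).decode()


def unsalted(values):
    """Audit helper: return the entries stored with an unsalted scheme."""
    return [v for v in values if not parse(v)[3]]
```

       Unsalted values are identical for every entry that shares a password,
       so unsalted() is a quick way to find entries to migrate to a salted
       scheme.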

SEE ALSO
       slapd.conf(5), ldappasswd(1), slappasswd(8), ldap(3),

       "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)

ACKNOWLEDGEMENTS
       This manual page has been written by Peter Marschall based on the
       module's README file written by Jeff Turner.

       OpenLDAP is developed and maintained by The OpenLDAP Project
       (http://www.openldap.org/).  OpenLDAP is derived from University of
       Michigan LDAP 3.3 Release.

OpenLDAP LDVERSION		  RELEASEDATE		      SLAPD-PW-SHA2(5)
