Directory Services 7.4.2

SCRAM-SHA-256 Password Storage Scheme

The SCRAM-SHA-256 Password Storage Scheme provides a mechanism for encoding user passwords for use with the SASL SCRAM authentication mechanism defined in RFC 5802.

This scheme contains an implementation for the user password syntax, and uses the scheme name SCRAM-SHA-256. Password values are encoded using the format described in RFC 5803.
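The following added example (not part of the original page and not the Directory Services implementation) shows how a stored value in the RFC 5803 layout can be derived and checked with the RFC 5802 key derivation. The function names, the 16-byte random salt and the omission of SASLprep normalization are assumptions made for the example; the default iteration count mirrors the scram-iterations default listed below.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "SCRAM-SHA-256"


def derive_keys(password, salt, iterations):
    """Return (StoredKey, ServerKey) as defined in RFC 5802."""
    # SaltedPassword = Hi(password, salt, i), which is PBKDF2 with HMAC-SHA-256.
    # Assumption: SASLprep normalization is skipped, so keep passwords ASCII.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return hashlib.sha256(client_key).digest(), server_key


def encode(password, iterations=10000, salt=None):
    """Build an RFC 5803 style value: scheme$iter:salt$StoredKey:ServerKey."""
    if iterations < 1:  # same lower limit as scram-iterations
        raise ValueError("iterations must be >= 1")
    if salt is None:
        salt = os.urandom(16)  # assumption: 16-byte random salt
    stored_key, server_key = derive_keys(password, salt, iterations)
    b64 = lambda raw: base64.b64encode(raw).decode("ascii")
    return f"{SCHEME}${iterations}:{b64(salt)}${b64(stored_key)}:{b64(server_key)}"


def parse(value):
    """Split a stored value into (iterations, salt, StoredKey, ServerKey)."""
    scheme, auth_info, auth_value = value.split("$")
    if scheme != SCHEME:
        raise ValueError("unexpected scheme: " + scheme)
    count, salt = auth_info.split(":")
    stored_key, server_key = auth_value.split(":")
    iterations = int(count)
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    decode = lambda text: base64.b64decode(text, validate=True)
    return iterations, decode(salt), decode(stored_key), decode(server_key)


def matches(password, value):
    """Re-derive both keys from a candidate password and compare in constant time."""
    iterations, salt, stored_key, server_key = parse(value)
    candidate_stored, candidate_server = derive_keys(password, salt, iterations)
    ok_stored = hmac.compare_digest(candidate_stored, stored_key)
    return hmac.compare_digest(candidate_server, server_key) and ok_stored
```

The salt and iteration count travel inside each encoded value, so checking a password always uses the count that value was created with.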

Parent

The SCRAM-SHA-256 Password Storage Scheme object inherits from Password Storage Scheme.

SCRAM-SHA-256 Password Storage Scheme properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic properties: enabled, scram-iterations

Advanced properties: java-class

Basic properties

Use the --advanced option to access advanced properties.

enabled

Synopsis: Indicates whether the Password Storage Scheme is enabled for use.

Default value: None

Allowed values: true, false

Multi-valued: No

Required: Yes

Admin action required: None

Advanced: No

Read-only: No

scram-iterations

Synopsis: The number of iterations to use when deriving the salted password.

Default value: 10000

Allowed values: An integer. Lower limit: 1.

Multi-valued: No

Required: No

Admin action required: None

Advanced: No

Read-only: No

Advanced properties

Use the --advanced option to access advanced properties.

java-class

Synopsis: Specifies the fully-qualified name of the Java class that provides the SCRAM-SHA-256 Password Storage Scheme implementation.

Default value: org.opends.server.extensions.ScramSha256PasswordStorageScheme

Allowed values: A Java class that extends or implements:

  • org.opends.server.api.PasswordStorageScheme

Multi-valued: No

Required: Yes

Admin action required: None

Advanced: Yes

Read-only: No