Cost Based Password Storage Scheme
This is an abstract object type that cannot be instantiated.
Cost Based Password Storage Schemes protect passwords against attackers by using costly hashing algorithms, that are designed to use a lot of CPU, and maybe memory too.
Cost Based Password Storage Schemes are designed to protect weak passwords that have low entropy. When using passwords with high entropy, as recommended for administrative or service accounts, it is possible to use hashing algorithms that are not cost-based. To avoid the need to scale PingDS for the sole purpose of cost-based hashing, Cost Based Password Storage Schemes can offload password hashing to a dedicated microservice.
Cost Based Password Storage Schemes
The following Cost Based Password Storage Schemes are available:
These Cost Based Password Storage Schemes inherit the properties described below.
Parent
The Cost Based Password Storage Scheme object inherits from Password Storage Scheme.
Cost Based Password Storage Scheme properties
You can use configuration expressions to set property values at startup time. For details, see Property value substitution.
enabled
Synopsis |
Indicates whether the Password Storage Scheme is enabled for use. |
Default value |
None |
Allowed values |
true false |
Multi-valued |
No |
Required |
Yes |
Admin action required |
None |
Advanced |
No |
Read-only |
No |
java-class
Synopsis |
Specifies the fully-qualified name of the Java class that provides the Password Storage Scheme implementation. |
Default value |
None |
Allowed values |
A Java class that extends or implements:
|
Multi-valued |
No |
Required |
Yes |
Admin action required |
None |
Advanced |
No |
Read-only |
No |
Advanced properties
Use the --advanced
option to access advanced properties.
remote-password-hashing-base-uri
Synopsis |
Specifies the base URI to connect to the password hashing microservice. |
Default value |
None |
Allowed values |
A string. |
Multi-valued |
No |
Required |
No |
Admin action required |
None |
Advanced |
Yes |
Read-only |
No |
remote-password-hashing-connection-timeout
Synopsis |
Specifies the timeout to use when connecting to the password hashing microservice. |
Default value |
10 s |
Allowed values |
Uses duration syntax. Lower limit: 0 seconds. |
Multi-valued |
No |
Required |
No |
Admin action required |
None |
Advanced |
Yes |
Read-only |
No |
remote-password-hashing-enabled
Synopsis |
Specifies whether to delegate password hashing to a dedicated microservice. |
Default value |
false |
Allowed values |
true false |
Multi-valued |
No |
Required |
No |
Admin action required |
None |
Advanced |
Yes |
Read-only |
No |
remote-password-hashing-max-connections
Synopsis |
Specifies the maximum number of connections to the password hashing microservice. |
Default value |
64 |
Allowed values |
An integer. Lower limit: 0. |
Multi-valued |
No |
Required |
No |
Admin action required |
None |
Advanced |
Yes |
Read-only |
No |
remote-password-hashing-request-timeout
Synopsis |
Specifies the timeout for a request to the password hashing microservice. |
Default value |
10 s |
Allowed values |
Uses duration syntax. Lower limit: 0 seconds. |
Multi-valued |
No |
Required |
No |
Admin action required |
None |
Advanced |
Yes |
Read-only |
No |