Argon2 password module to slapd
Name
slappw-argon2 - Argon2 password module to slapd
Synopsis
ETCDIR/slapd.conf
moduleload argon2 [<parameters>]
Description
The argon2 module to slapd(8) provides support for the use of the
key derivation function Argon2, which was selected as the winner
of the Password Hashing Competition in July 2015, in hashed
passwords in OpenLDAP.
It does so by providing the additional password scheme {ARGON2}
for use in slapd.
Configuration
The argon2 module does not need any configuration, but it can be
configured by giving the following parameters:
m=<memory>
    Set memory usage to <memory> kiB.
p=<parallelism>
    Set parallelism to <parallelism> threads. Currently
    supported only when linked with libargon2.
t=<iterations>
    Set the number of iterations to <iterations>.
These replace defaults when preparing hashes for new passwords
where possible.
After loading the module, the password scheme {ARGON2} will be
recognised in values of the userPassword attribute.
You can then instruct OpenLDAP to use this scheme when processing
the LDAPv3 Password Modify (RFC 3062) extended operations by
using the password-hash option in slapd.conf(5):
password-hash {ARGON2}
NOTES
If you want to use the scheme described here with slappasswd(8),
remember to load the module using its command line options. The
relevant option/value is:
-o module-load=argon2
Or if non-default parameters are required:
-o module-load="argon2 [<param> ...]"
Depending on argon2's location, you may also need:
-o module-path=pathspec
Examples
Both userPassword LDAP attributes below encode the password
'secret' using different salts:
userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHQ$DKlexoEJUoZTmkAAC3SaMWk30El9/RvVhlqGo6afIng
userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHRzYWx0$qOCkx9nMeFlaGOO4DUmPDgrlUbgMMuO9T1+vQCFuyzw
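As an added example (not part of the OpenLDAP documentation), the following Python code parses {ARGON2} values such as the two above and reports cost parameters or salts weaker than a site policy. The function names and the POLICY thresholds are assumptions made for illustration, not OpenLDAP defaults.

```python
import base64
import re

# Layout of a stored value, as in the page's examples:
# {ARGON2}$<variant>$v=<version>$m=<kiB>,t=<iterations>,p=<threads>$<salt>$<hash>
_PHC = re.compile(
    r"^\{ARGON2\}\$(argon2(?:id|i|d))\$v=(\d+)\$m=(\d+),t=(\d+),p=(\d+)"
    r"\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)$"
)

# Hypothetical site policy (assumed values, not OpenLDAP defaults).
POLICY = {"m": 65536, "t": 3, "p": 1, "salt_len": 16}

def _b64(text):
    """Decode the unpadded base64 used for the salt and hash fields."""
    return base64.b64decode(text + "=" * (-len(text) % 4))

def parse_argon2(value):
    """Split a userPassword value into Argon2 parameters; None if not {ARGON2}."""
    match = _PHC.match(value.strip())
    if match is None:
        return None
    variant, version, m, t, p, salt, digest = match.groups()
    return {"variant": variant, "version": int(version), "m": int(m), "t": int(t),
            "p": int(p), "salt": _b64(salt), "hash_len": len(_b64(digest))}

def audit(value, policy=POLICY):
    """Return findings for one stored value (an empty list means it meets policy)."""
    info = parse_argon2(value)
    if info is None:
        return ["not an {ARGON2} value"]
    findings = [f"{key}={info[key]} below policy minimum {policy[key]}"
                for key in ("m", "t", "p") if info[key] < policy[key]]
    if len(info["salt"]) < policy["salt_len"]:
        findings.append(f"salt is {len(info['salt'])} bytes, policy minimum {policy['salt_len']}")
    return findings

# The two example values from this page, plus a constructed non-Argon2 value.
SAMPLES = [
    "{ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHQ$DKlexoEJUoZTmkAAC3SaMWk30El9/RvVhlqGo6afIng",
    "{ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHRzYWx0$qOCkx9nMeFlaGOO4DUmPDgrlUbgMMuO9T1+vQCFuyzw",
    "{SSHA}constructedPlaceholderValue",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:40], "->", audit(sample) or "ok")
```

Run over an LDIF export of userPassword values, this shows which entries were hashed before the m=, p= or t= module parameters were raised, since existing hashes keep the parameters they were created with.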
See also
slapd.conf(5), ldappasswd(1), slappasswd(8), ldap(3),
"OpenLDAP Administrator's Guide" ⟨http://www.OpenLDAP.org/doc/⟩