.TH SLAPD-PW-PBKDF2 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2015 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
slapd-pw-pbkdf2 \- PBKDF2 password module to slapd
provides support for the use of the key stretching function
PBKDF2 (Password-Based Key Derivation Function 2) following RFC 2898
in hashed passwords in OpenLDAP.
It does so by providing the following additional password schemes for use in slapd:
alias to {PBKDF2-SHA1}
PBKDF2 using HMAC-SHA-1 as the underlying pseudorandom function
PBKDF2 using HMAC-SHA-256 as the underlying pseudorandom function
PBKDF2 using HMAC-SHA-512 as the underlying pseudorandom function
module does not need any configuration.
After loading the module, the password schemes
{PBKDF2}, {PBKDF2-SHA1}, {PBKDF2-SHA256}, and {PBKDF2-SHA512}
will be recognised in values of the
You can then instruct OpenLDAP to use these schemes when processing
the LDAPv3 Password Modify (RFC 3062) extended operations by using the
If you want to use the schemes described here with
don't forget to load the module using its command line options.
The relevant option/value is:
.BR module\-load = pw-pbkdf2
location, you may also need:
.BR module\-path = \fIpathspec\fP
All of the userPassword LDAP attributes below encode the password
userPassword: {PBKDF2-SHA512}10000$/oQ4xZi382mk7kvCd3ZdkA$2wqjpuyV2l0U/a1QwoQPOtlQL.UcJGNACj1O24balruqQb/NgPW6OCvvrrJP8.SzA3/5iYvLnwWPzeX8IK/bEQ
userPassword: {PBKDF2-SHA256}10000$jq40ImWtmpTE.aYDYV1GfQ$mpiL4ui02ACmYOAnCjp/MI1gQk50xLbZ54RZneU0fCg
userPassword: {PBKDF2-SHA1}10000$QJTEclnXgh9Cz3ChCWpdAg$9.s98jwFJM.NXJK9ca/oJ5AyoAQ
To make {PBKDF2-SHA512} the password hash used in Password Modify extended operations,
simply set this line in slapd.conf(5):
password-hash {PBKDF2-SHA512}
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
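The userPassword values shown above follow the layout {SCHEME}iterations$salt$derived-key. The Python sketch below is an added example, not code from the OpenLDAP project or this manual page: it parses, generates and verifies such values so stored hashes can be audited outside slapd. It assumes the salt and key use "adapted base64" ('.' in place of '+', no '=' padding), which is consistent with the values above; the function names are hypothetical.

```python
import base64, hashlib, hmac, os

# Scheme name -> (hashlib digest name, derived-key length in bytes).
SCHEMES = {
    "{PBKDF2}": ("sha1", 20),           # alias to {PBKDF2-SHA1}
    "{PBKDF2-SHA1}": ("sha1", 20),
    "{PBKDF2-SHA256}": ("sha256", 32),
    "{PBKDF2-SHA512}": ("sha512", 64),
}

def ab64_decode(text):
    # Assumption: "adapted base64" = standard base64 with '.' for '+', padding stripped.
    padded = text.replace(".", "+") + "=" * (-len(text) % 4)
    return base64.b64decode(padded, validate=True)

def ab64_encode(raw):
    return base64.b64encode(raw).decode("ascii").rstrip("=").replace("+", ".")

def parse(value):
    """Split '{SCHEME}iterations$salt$dk'; raise ValueError if malformed."""
    end = value.find("}") + 1
    scheme = value[:end]
    if scheme not in SCHEMES:
        raise ValueError("not a PBKDF2 scheme: %r" % scheme)
    fields = value[end:].split("$")
    if len(fields) != 3 or not fields[0].isdigit() or int(fields[0]) < 1:
        raise ValueError("expected iterations$salt$dk")
    digest, dk_len = SCHEMES[scheme]
    salt, dk = ab64_decode(fields[1]), ab64_decode(fields[2])
    if len(dk) != dk_len:
        raise ValueError("derived key length does not match scheme")
    return scheme, digest, int(fields[0]), salt, dk

def make(password, scheme="{PBKDF2-SHA512}", iterations=10000, salt=None):
    # 16-byte random salt and 10000 iterations mirror the sample values above.
    digest, dk_len = SCHEMES[scheme]
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac(digest, password.encode(), salt, iterations, dk_len)
    return "%s%d$%s$%s" % (scheme, iterations, ab64_encode(salt), ab64_encode(dk))

def verify(password, value):
    _, digest, iterations, salt, dk = parse(value)
    candidate = hashlib.pbkdf2_hmac(digest, password.encode(), salt, iterations, len(dk))
    return hmac.compare_digest(candidate, dk)   # constant-time comparison
```

parse() returns the iteration count and digest alongside the raw salt and key, which is enough to flag entries still stored under {PBKDF2} or {PBKDF2-SHA1} or with a low iteration count.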
This manual page has been written by Peter Marschall based on the
module's README file written by HAMANO Tsukasa <hamano@osstech.co.jp>
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
is derived from University of Michigan LDAP 3.3 Release.