mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-02-05 13:40:08 +08:00
123 lines
2.6 KiB
Groff
123 lines
2.6 KiB
Groff
.TH SLAPPW-ARGON2 5 "RELEASEDATE" "OpenLDAP LDVERSION"
|
|
.\" Copyright 2020-2021 The OpenLDAP Foundation All Rights Reserved.
|
|
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
|
|
.\" $OpenLDAP$
|
|
.SH NAME
|
|
slappw\-argon2 \- Argon2 password module to slapd
|
|
.SH SYNOPSIS
|
|
ETCDIR/slapd.conf
|
|
.RS
|
|
.LP
|
|
.B moduleload argon2
|
|
.RI [ <parameters> ]
|
|
.RE
|
|
.SH DESCRIPTION
|
|
.LP
|
|
The
|
|
.B argon2
|
|
module to
|
|
.BR slapd (8)
|
|
provides support for the use of the key derivation function Argon2,
|
|
that was selected as the winner of the Password Hashing Competition in July 2015,
|
|
in hashed passwords in OpenLDAP.
|
|
.LP
|
|
It does so by providing the additional password scheme
|
|
.B {ARGON2}
|
|
for use in slapd.
|
|
|
|
.SH CONFIGURATION
|
|
The
|
|
.B argon2
|
|
module does not need any configuration,
|
|
but it can be configured by giving the following parameters:
|
|
.TP
|
|
.BI m= <memory>
|
|
Set memory usage to
|
|
.I <memory>
|
|
kiB.
|
|
.TP
|
|
.BI p= <parallelism>
|
|
Set parallelism to
|
|
.I <parallelism>
|
|
threads.
|
|
.TP
|
|
.BI t= <iterations>
|
|
Set the number of iterations to
|
|
.IR <iterations> .
|
|
.LP
|
|
These replace defaults when preparing hashes for new passwords where possible.
|
|
.LP
|
|
After loading the module, the password scheme
|
|
.B {ARGON2}
|
|
will be recognised in values of the
|
|
.I userPassword
|
|
attribute.
|
|
.LP
|
|
You can then instruct OpenLDAP to use this scheme when processing
|
|
the LDAPv3 Password Modify (RFC 3062) extended operations by using the
|
|
.BR password-hash
|
|
option in
|
|
.BR slapd.conf (5):
|
|
.RS
|
|
.LP
|
|
.B password\-hash {ARGON2}
|
|
.RE
|
|
.LP
|
|
|
|
.SS NOTES
|
|
If you want to use the scheme described here with
|
|
.BR slappasswd (8),
|
|
remember to load the module using its command line options.
|
|
The relevant option/value is:
|
|
.RS
|
|
.LP
|
|
.B \-o
|
|
.BR module\-load = argon2
|
|
.LP
|
|
.RE
|
|
Depending on
|
|
.BR argon2 's
|
|
location, you may also need:
|
|
.RS
|
|
.LP
|
|
.B \-o
|
|
.BR module\-path = \fIpathspec\fP
|
|
.RE
|
|
|
|
.SH EXAMPLES
|
|
Both userPassword LDAP attributes below encode the password
|
|
.RI ' secret '
|
|
using different salts:
|
|
.EX
|
|
.LP
|
|
userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHQ$DKlexoEJUoZTmkAAC3SaMWk30El9/RvVhlqGo6afIng
|
|
.LP
|
|
userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHRzYWx0$qOCkx9nMeFlaGOO4DUmPDgrlUbgMMuO9T1+vQCFuyzw
|
|
.EE
|
|
|
|
.SH SEE ALSO
|
|
.BR slapd.conf (5),
|
|
.BR ldappasswd (1),
|
|
.BR slappasswd (8),
|
|
.BR ldap (3),
|
|
.LP
|
|
.UR http://www.OpenLDAP.org/doc/
|
|
"OpenLDAP Administrator's Guide"
|
|
.UE
|
|
.LP
|
|
|
|
.SH ACKNOWLEDGEMENTS
|
|
This manual page has been written by Peter Marschall based on the
|
|
module's README file written by
|
|
.MT simon@levermann.de
|
|
Simon Levermann
|
|
.ME .
|
|
.LP
|
|
.B OpenLDAP
|
|
is developed and maintained by
|
|
.UR http://www.openldap.org/
|
|
The OpenLDAP Project
|
|
.UE .
|
|
.B OpenLDAP
|
|
is derived from University of Michigan LDAP 3.3 Release.
|