GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
SLAPPW-ARGON2(5) FreeBSD File Formats Manual SLAPPW-ARGON2(5)

slappw-argon2 - Argon2 password module to slapd

/usr/local/etc/openldap/slapd.conf

moduleload argon2 [<parameters>]

The argon2 module to slapd(8) provides support for the use of the key derivation function Argon2, that was selected as the winner of the Password Hashing Competition in July 2015, in hashed passwords in OpenLDAP.

It does so by providing the additional password scheme {ARGON2} for use in slapd.

The argon2 module does not need any configuration, but it can be configured by giving the following parameters:
m=<memory>
Set memory usage to <memory> kiB.
p=<parallelism>
Set parallelism to <parallelism> threads. Currently supported only when linked with libargon2.
t=<iterations>
Set the number of iterations to <iterations>.

These replace defaults when preparing hashes for new passwords where possible.

After loading the module, the password scheme {ARGON2} will be recognised in values of the userPassword attribute.

You can then instruct OpenLDAP to use this scheme when processing the LDAPv3 Password Modify (RFC 3062) extended operations by using the password-hash option in slapd.conf(5):

password-hash {ARGON2}

If you want to use the scheme described here with slappasswd(8), remember to load the module using its command line options. The relevant option/value is:

-o module-load=argon2

Or if non-default parameters are required:

-o module-load="argon2 [<param>...]"

Depending on argon2's location, you may also need:

-o module-path=pathspec

Both userPassword LDAP attributes below encode the password 'secret' using different salts: 
userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHQ$DKlexoEJUoZTmkAAC3SaMWk30El9/RvVhlqGo6afIng

userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHRzYWx0$qOCkx9nMeFlaGOO4DUmPDgrlUbgMMuO9T1+vQCFuyzw

slapd.conf(5), ldappasswd(1), slappasswd(8), ldap(3),

"OpenLDAP Administrator's Guide"

This manual page has been written by Peter Marschall based on the module's README file written by Simon Levermann.

OpenLDAP is developed and maintained by The OpenLDAP Project. OpenLDAP is derived from University of Michigan LDAP 3.3 Release.

2022/05/04 OpenLDAP 2.5.12
Search for    or go to Top of page |  Section 5 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.