For more information on using the different password storage schemes, see the "User Account Management" chapter in the HP-UX Directory Server administrator guide

CAUTION:

Do not modify the configuration of the password scheme plug-ins. HP recommends leaving these plug-ins running at all times.

Table 3-3 Password storage plugins

 

Storage scheme name

Usage notes

 

CLEAR

This encryption method is required for using SASL/DIGEST-MD5.

 

 

 

 

CRYPT

This storage scheme is not very secure and is included only for compatibility with

 

 

legacy servers and to allow migration.

 

 

 

 

DES

This encryption scheme is used only for reversible encryption and is available for

 

 

certain plug-ins; this is not intended for password storage.

 

 

 

 

MD5

This storage scheme is not very secure and is included only for compatibility with

 

 

legacy servers and to allow migration.

 

 

 

 

NS-MTA-MD5

The NS-MTA-MD5 password storage scheme cannot be used to encrypt passwords.

 

 

The storage scheme is still present for backward compatibility for any entries stored

 

 

in the directory with passwords encrypted with the NS-MTA-MD5 password storage

 

 

scheme.

 

 

 

 

SHA

If there are no passwords encrypted using the SHA password storage scheme, this

 

 

plug-in can be turned off.

 

 

Instead of encrypting passwords with the SHA password storage scheme, HP

 

 

recommends choosing SSHA instead because it is more secure.

 

 

 

 

SHA256

Use SHA256 or higher to encrypt passwords because these are stronger encryption

 

 

schemes.

 

 

 

 

SHA384

This storage scheme is recommended for password storage because of its strength.

 

 

 

 

SHA512

This storage scheme is recommended for password storage because of its strength.

 

 

 

 

SSHA

This is recommended instead of SHA because it is a stronger encryption screen.

 

 

However, HP recommends using at least the SSHA256 storage scheme or higher

 

 

because these are stronger schemes.

 

 

 

 

SSHA256

Use SSHA256 or higher to encrypt passwords because these are stronger encryption

 

 

schemes.

 

 

 

 

SSHA384

This storage scheme is recommended for password storage because of its strength.

 

 

 

 

SSHA512

This storage scheme is recommended for password storage because of its strength.

 

 

3.1.26 Postal address string syntax plug-in

 

 

 

 

Plug-in parameter

Description

 

 

 

 

Plug-in Name

Postal Address Syntax

 

 

 

 

DN of Configuration Entry

cn=Postal Address Syntax, cn=plugins, cn=config

 

 

 

 

Description

Syntax used for handling postal addresses

 

 

 

 

Configurable Options

on or off

 

 

 

 

Default Setting

on

 

 

 

 

Configurable Arguments

None

 

 

 

 

Dependencies

None

 

 

 

3.1 Server plug-in functionality reference 123