Interface Pbkdf2PasswordStorageSchemeCfgClient

    • Method Detail

      • getJavaClass

        @MandatoryProperty
        ValueOrExpression<String> getJavaClass()
        Gets the "java-class" property.

        Specifies the fully-qualified name of the Java class that provides the PBKDF2 Password Storage Scheme implementation.

        Default value: org.opends.server.extensions.PBKDF2PasswordStorageScheme

        Specified by:
        getJavaClass in interface PasswordStorageSchemeCfgClient
        Returns:
        Returns the value of the "java-class" property.
      • getPbkdf2Iterations

        ValueOrExpression<Integer> getPbkdf2Iterations()
        Gets the "pbkdf2-iterations" property.

        The number of algorithm iterations to make.

        By default, changes to this setting impact only newly created and updated passwords. However, if the rehash-policy is set to always or only-increase, it causes the server to recalculate each user's password hash on their next authentication, and write the new hash to the user's entry on disk. Changing the number of iterations therefore leads to a short-term spike in CPU and disk use as the server updates each user's password when they next authenticate. Longer term, increasing this settings results in more secure passwords at the expense of longer response times and lower throughput.

        Default value: 10000

        Returns:
        Returns the value of the "pbkdf2-iterations" property.
      • setPbkdf2Iterations

        void setPbkdf2Iterations​(ValueOrExpression<Integer> value)
                          throws PropertyException
        Sets the "pbkdf2-iterations" property.

        The number of algorithm iterations to make.

        By default, changes to this setting impact only newly created and updated passwords. However, if the rehash-policy is set to always or only-increase, it causes the server to recalculate each user's password hash on their next authentication, and write the new hash to the user's entry on disk. Changing the number of iterations therefore leads to a short-term spike in CPU and disk use as the server updates each user's password when they next authenticate. Longer term, increasing this settings results in more secure passwords at the expense of longer response times and lower throughput.

        Parameters:
        value - The value of the "pbkdf2-iterations" property.
        Throws:
        PropertyException - If the new value is invalid.
      • getRehashPolicy

        ValueOrExpression<Pbkdf2PasswordStorageSchemeCfgDefn.RehashPolicy> getRehashPolicy()
        Gets the "rehash-policy" property.

        Indicates whether the server should rehash passwords after the cost has been changed.

        Passwords will be rehashed when a user successfully authenticates. Note that rehashing will increase the write load on the server.

        Default value: never

        Returns:
        Returns the value of the "rehash-policy" property.
      • setRehashPolicy

        void setRehashPolicy​(ValueOrExpression<Pbkdf2PasswordStorageSchemeCfgDefn.RehashPolicy> value)
                      throws PropertyException
        Sets the "rehash-policy" property.

        Indicates whether the server should rehash passwords after the cost has been changed.

        Passwords will be rehashed when a user successfully authenticates. Note that rehashing will increase the write load on the server.

        Parameters:
        value - The value of the "rehash-policy" property.
        Throws:
        PropertyException - If the new value is invalid.