Interface Pbkdf2PasswordStorageSchemeCfgClient
-
- All Superinterfaces:
ConfigurationClient
,PasswordStorageSchemeCfgClient
- All Known Subinterfaces:
Pbkdf2HmacSha256PasswordStorageSchemeCfgClient
,Pbkdf2HmacSha512PasswordStorageSchemeCfgClient
public interface Pbkdf2PasswordStorageSchemeCfgClient extends PasswordStorageSchemeCfgClient
A client-side interface for reading and modifying PBKDF2 Password Storage Scheme settings.The PBKDF2 Password Storage Scheme provides a mechanism for encoding user passwords using the PBKDF2 message digest algorithm. PBKDF2 is the shortname for PBKDF2-HMAC-SHA1.
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description ManagedObjectDefinition<? extends Pbkdf2PasswordStorageSchemeCfgClient,? extends Pbkdf2PasswordStorageSchemeCfg>
definition()
Get the configuration definition associated with this PBKDF2 Password Storage Scheme.ValueOrExpression<String>
getJavaClass()
Gets the "java-class" property.ValueOrExpression<Integer>
getPbkdf2Iterations()
Gets the "pbkdf2-iterations" property.ValueOrExpression<Pbkdf2PasswordStorageSchemeCfgDefn.RehashPolicy>
getRehashPolicy()
Gets the "rehash-policy" property.void
setJavaClass(ValueOrExpression<String> value)
Sets the "java-class" property.void
setPbkdf2Iterations(ValueOrExpression<Integer> value)
Sets the "pbkdf2-iterations" property.void
setRehashPolicy(ValueOrExpression<Pbkdf2PasswordStorageSchemeCfgDefn.RehashPolicy> value)
Sets the "rehash-policy" property.-
Methods inherited from interface org.forgerock.opendj.config.ConfigurationClient
commit, properties
-
Methods inherited from interface org.forgerock.opendj.server.config.client.PasswordStorageSchemeCfgClient
isEnabled, setEnabled
-
-
-
-
Method Detail
-
definition
ManagedObjectDefinition<? extends Pbkdf2PasswordStorageSchemeCfgClient,? extends Pbkdf2PasswordStorageSchemeCfg> definition()
Get the configuration definition associated with this PBKDF2 Password Storage Scheme.- Specified by:
definition
in interfaceConfigurationClient
- Specified by:
definition
in interfacePasswordStorageSchemeCfgClient
- Returns:
- Returns the configuration definition associated with this PBKDF2 Password Storage Scheme.
-
getJavaClass
@MandatoryProperty ValueOrExpression<String> getJavaClass()
Gets the "java-class" property.Specifies the fully-qualified name of the Java class that provides the PBKDF2 Password Storage Scheme implementation.
Default value:
org.opends.server.extensions.PBKDF2PasswordStorageScheme
- Specified by:
getJavaClass
in interfacePasswordStorageSchemeCfgClient
- Returns:
- Returns the value of the "java-class" property.
-
setJavaClass
@MandatoryProperty void setJavaClass(ValueOrExpression<String> value) throws PropertyException
Sets the "java-class" property.Specifies the fully-qualified name of the Java class that provides the PBKDF2 Password Storage Scheme implementation.
- Specified by:
setJavaClass
in interfacePasswordStorageSchemeCfgClient
- Parameters:
value
- The value of the "java-class" property.- Throws:
PropertyException
- If the new value is invalid.
-
getPbkdf2Iterations
ValueOrExpression<Integer> getPbkdf2Iterations()
Gets the "pbkdf2-iterations" property.The number of algorithm iterations to make. NIST recommends at least 1000.
By default, changes to this setting impact only newly created and updated passwords. However, if the rehash-policy is set to always or only-increase, it causes the server to recalculate each user's password hash on their next authentication, and write the new hash to the user's entry on disk. Changing the number of iterations therefore leads to a short-term spike in CPU and disk use as the server updates each user's password when they next authenticate. Longer term, increasing this settings results in more secure passwords at the expense of longer response times and lower throughput.
Default value:
10000
- Returns:
- Returns the value of the "pbkdf2-iterations" property.
-
setPbkdf2Iterations
void setPbkdf2Iterations(ValueOrExpression<Integer> value) throws PropertyException
Sets the "pbkdf2-iterations" property.The number of algorithm iterations to make. NIST recommends at least 1000.
By default, changes to this setting impact only newly created and updated passwords. However, if the rehash-policy is set to always or only-increase, it causes the server to recalculate each user's password hash on their next authentication, and write the new hash to the user's entry on disk. Changing the number of iterations therefore leads to a short-term spike in CPU and disk use as the server updates each user's password when they next authenticate. Longer term, increasing this settings results in more secure passwords at the expense of longer response times and lower throughput.
- Parameters:
value
- The value of the "pbkdf2-iterations" property.- Throws:
PropertyException
- If the new value is invalid.
-
getRehashPolicy
ValueOrExpression<Pbkdf2PasswordStorageSchemeCfgDefn.RehashPolicy> getRehashPolicy()
Gets the "rehash-policy" property.Indicates whether the server should rehash passwords after the cost has been changed.
Passwords will be rehashed when a user successfully authenticates. Note that rehashing will increase the write load on the server.
Default value:
never
- Returns:
- Returns the value of the "rehash-policy" property.
-
setRehashPolicy
void setRehashPolicy(ValueOrExpression<Pbkdf2PasswordStorageSchemeCfgDefn.RehashPolicy> value) throws PropertyException
Sets the "rehash-policy" property.Indicates whether the server should rehash passwords after the cost has been changed.
Passwords will be rehashed when a user successfully authenticates. Note that rehashing will increase the write load on the server.
- Parameters:
value
- The value of the "rehash-policy" property.- Throws:
PropertyException
- If the new value is invalid.
-
-