Chapter 3. Plug-in Implemented Server Functionality Reference
154
Plug-in Parameter Description
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-
in. Red Hat recommends leaving this plug-in
running at all times.
Further Information
3.1.25. Password Storage Schemes
The cn=Password Storage Schemes entry is a container entry, not a plug-in entry itself. All
of the plug-ins used for encryption are stored under this entry. The supported schemes change
as new encryption methods are added; to view the complete and current list, list the entries under
cn=Password Storage Schemes, cn=plugins, cn=config:
/usr/lib/mozldap/ldapsearch -D "cn=directory manager" -w secret12 -p 389 -b "cn=Password
Storage Schemes,cn=plugins, cn=config" -s sub (objectclass=*)
The different password storage scheme plug-ins are stored in entries named in the format:
cn=Storage Scheme Name Plugin,cn=Password Storage Schemes,cn=plugins,cn=config
For more information on using the different password storage schemes, see the "User Account
Management" chapter in the Directory Server Administrator's Guide.
CAUTION
Do not modify the configuration of the password scheme plug-ins. Red Hat
recommends leaving these plug-ins running at all times.
Storage Scheme Name Usage Notes
CLEAR This encryption method is required for using
SASL.
CRYPT This storage scheme is not very secure and
is included only for compatibility with legacy
servers and to allow migration.
DES This encryption scheme is used only for
reversible encryption and is available for certain
plug-ins; this is not intended for password
storage.
MD5 This storage scheme is not very secure and
is included only for compatibility with legacy
servers and to allow migration.
NS-MTA-MD5 The NS-MTA-MD5 password storage scheme
cannot be used to encrypt passwords. The
storage scheme is still present for backward
