From 46824550ba084705c3fbb1475b200da1f84b471a Mon Sep 17 00:00:00 2001
From: Chris Ridd <chris.ridd@forgerock.com>
Date: Thu, 14 Mar 2013 16:20:30 +0000
Subject: [PATCH] CR-1406 Fix OPENDJ-120 Enhancement: Support BSD Crypt SHA256/512 in binding

---
 opends/src/admin/defn/org/opends/server/admin/std/CryptPasswordStorageSchemeConfiguration.xml |   42 ++++++++++++++++++++++++++++--------------
 1 files changed, 28 insertions(+), 14 deletions(-)

diff --git a/opends/src/admin/defn/org/opends/server/admin/std/CryptPasswordStorageSchemeConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/CryptPasswordStorageSchemeConfiguration.xml
index 85538d4..de76939 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/CryptPasswordStorageSchemeConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/CryptPasswordStorageSchemeConfiguration.xml
@@ -24,7 +24,8 @@
   !
   !
   !      Copyright 2007-2008 Sun Microsystems, Inc.
-  !      Portions Copyright 2010 ForgeRock AS
+  !      Portions Copyright 2010-2013 ForgeRock AS
+  !      Portions Copyright 2012 Dariusz Janny <dariusz.janny@gmail.com>
   ! -->
 <adm:managed-object name="crypt-password-storage-scheme"
   plural-name="crypt-password-storage-schemes"
@@ -36,21 +37,21 @@
     The
     <adm:user-friendly-name />
     provides a mechanism for encoding user passwords like Unix crypt does.
-    Like on most Unix systems, the password mq be encrypted using different
-    algorithm, either UNIX crypt or md5 (bsd).
+    Like on most Unix systems, the password may be encrypted using different
+    algorithms, either Unix crypt, md5, sha256 or sha512.
   </adm:synopsis>
   <adm:description>
     This implementation contains an implementation for the user
     password syntax, with a storage scheme name of "CRYPT". Like on most
-    Unix, the "CRYPT" storage scheme has different algorithm, the default
-    being the UNIX crypt.
+    Unixes, the "CRYPT" storage scheme has different algorithms, the default
+    being the Unix crypt.
 
-    Even though the UNIX crypt is a one-way digest, it
-    is relatively weak by today's standards. Because it supports 
-    only a 12-bit salt (meaning that there are only 4096 possible ways to 
-    encode a given password), it is also vulnerable to dictionary attacks. 
-    You should therefore use this storage scheme only in cases where an 
-    external application expects to retrieve the password and verify it 
+    Even though the Unix crypt is a one-way digest, it
+    is relatively weak by today's standards. Because it supports
+    only a 12-bit salt (meaning that there are only 4096 possible ways to
+    encode a given password), it is also vulnerable to dictionary attacks.
+    You should therefore use this storage scheme only in cases where an
+    external application expects to retrieve the password and verify it
     outside of the directory, rather than by performing an LDAP bind.
   </adm:description>
   <adm:profile name="ldap">
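Review bot: The weakness paragraph in adm:description (12-bit salt, 4096 possible encodings) describes only the traditional Unix crypt. With sha256 and sha512 added, its closing advice to "use this storage scheme only in cases where an external application expects to retrieve the password" now reads as covering every algorithm. The text also still states that the default is the Unix crypt, so an administrator who enables the scheme without choosing an algorithm gets the weakest encoding. I would add a sentence after that paragraph such as `The md5 algorithm is also considered weak; prefer sha256 or sha512 where the consuming application supports them.` The managed-object element continues outside the hunk.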
@@ -75,8 +76,11 @@
     <adm:description>
       Select the crypt algorithm to use to encrypt new passwords.
       The value can either be "unix", which means the password is encrypted
-      with the UNIX crypt algorithm, or md5 which means the password is
-      encrypted with BSD MD5 algorithm and has a $1$ prefix.
+      with the Unix crypt algorithm, or md5 which means the password is
+      encrypted with the BSD MD5 algorithm and has a $1$ prefix,
+      or sha256 which means the password is encrypted with the SHA256 algorithm
+      and has a $5$ prefix, or sha512 which means the password is encrypted with
+      the SHA512 algorithm and has a $6$ prefix.
     </adm:description>
     <adm:default-behavior>
       <adm:defined>
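Review bot: The property description says the value selects the algorithm for new passwords, but it does not say what happens to values already stored when the setting is changed. If existing values keep their original algorithm until the password is next changed, as the per-algorithm prefixes suggest, the text should say so. Otherwise operators may assume that switching to sha256 or sha512 retires older hashes, so I would add `Changing this property does not re-encode passwords that are already stored.` The default value is defined outside the hunk, so confirm this wording against the implementation before adding it.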
@@ -87,7 +91,7 @@
       <adm:enumeration>
         <adm:value name="unix">
           <adm:synopsis>
-            New passwords are encrypted with the UNIX crypt algorithm.
+            New passwords are encrypted with the Unix crypt algorithm.
           </adm:synopsis>
         </adm:value>
         <adm:value name="md5">
@@ -95,6 +99,16 @@
             New passwords are encrypted with the BSD MD5 algorithm.
           </adm:synopsis>
         </adm:value>
+        <adm:value name="sha256">
+          <adm:synopsis>
+            New passwords are encrypted with the Unix crypt SHA256 algorithm.
+          </adm:synopsis>
+        </adm:value>
+        <adm:value name="sha512">
+          <adm:synopsis>
+            New passwords are encrypted with the Unix crypt SHA512 algorithm.
+          </adm:synopsis>
+        </adm:value>
       </adm:enumeration>
     </adm:syntax>
     <adm:profile name="ldap">
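Review bot: The two new synopses name the algorithms "Unix crypt SHA256" and "Unix crypt SHA512", which is easy to confuse with the `unix` value's "Unix crypt algorithm". It also differs from the property description, which calls them "the SHA256 algorithm" with a $5$ prefix and "the SHA512 algorithm" with a $6$ prefix. Using one name throughout and repeating the prefix would make stored values easier to recognise, for example `New passwords are encrypted with the SHA256 crypt algorithm and have a $5$ prefix.` and the equivalent for sha512 with `$6$`. The enumeration and syntax elements open outside the hunk.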

--
Gitblit v1.10.0