From 5365334df377225c122b2d237fb6e8f1bad38dc7 Mon Sep 17 00:00:00 2001
From: lfrost <lfrost@localhost>
Date: Tue, 29 Jan 2008 10:37:26 +0000
Subject: [PATCH] Doc changes to Network Groups and Password Configuration docs and some copyright changes. Thanks to Daniel & Matt for the review.
---
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ClearPasswordStorageSchemeConfiguration.xml | 7
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/NetworkGroupConfiguration.xml | 8
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/BlowfishPasswordStorageSchemeConfiguration.xml | 2
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedSHA384PasswordStorageSchemeConfiguration.xml | 2
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RC4PasswordStorageSchemeConfiguration.xml | 2
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedSHA256PasswordStorageSchemeConfiguration.xml | 2
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedSHA1PasswordStorageSchemeConfiguration.xml | 2
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/Base64PasswordStorageSchemeConfiguration.xml | 9 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/TripleDESPasswordStorageSchemeConfiguration.xml | 2
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CryptPasswordStorageSchemeConfiguration.xml | 12 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/MD5PasswordStorageSchemeConfiguration.xml | 15 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordStorageSchemeConfiguration.xml | 17 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AESPasswordStorageSchemeConfiguration.xml | 2
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordGeneratorConfiguration.xml | 14 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SHA1PasswordStorageSchemeConfiguration.xml | 6
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RandomPasswordGeneratorConfiguration.xml | 46 ++++--
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedSHA512PasswordStorageSchemeConfiguration.xml | 2
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml | 230 ++++++++++++++++++--------------
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedMD5PasswordStorageSchemeConfiguration.xml | 11 +
19 files changed, 246 insertions(+), 145 deletions(-)
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AESPasswordStorageSchemeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AESPasswordStorageSchemeConfiguration.xml
index c147ac1..967486f 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AESPasswordStorageSchemeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AESPasswordStorageSchemeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="aes-password-storage-scheme"
plural-name="aes-password-storage-schemes"
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/Base64PasswordStorageSchemeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/Base64PasswordStorageSchemeConfiguration.xml
index 058ffbb..8b8bbf9 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/Base64PasswordStorageSchemeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/Base64PasswordStorageSchemeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="base64-password-storage-scheme"
plural-name="base64-password-storage-schemes"
@@ -39,7 +39,12 @@
</adm:synopsis>
<adm:description>
This scheme contains only an implementation for the user password
- syntax, with a storage scheme name of "BASE64".
+ syntax, with a storage scheme name of "BASE64". The
+ <adm:user-friendly-name />
+ merely obscures the password so that the clear-text password
+ is not available to casual observers. However, it offers no real
+ protection and should only be used if there are client applications
+ that specifically require this capability.
</adm:description>
<adm:profile name="ldap">
<ldap:object-class>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/BlowfishPasswordStorageSchemeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/BlowfishPasswordStorageSchemeConfiguration.xml
index 070461d..1353748 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/BlowfishPasswordStorageSchemeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/BlowfishPasswordStorageSchemeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="blowfish-password-storage-scheme"
plural-name="blowfish-password-storage-schemes"
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ClearPasswordStorageSchemeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ClearPasswordStorageSchemeConfiguration.xml
index 49b9b76..6d1fd94 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ClearPasswordStorageSchemeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ClearPasswordStorageSchemeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="clear-password-storage-scheme"
plural-name="clear-password-storage-schemes"
@@ -39,7 +39,10 @@
</adm:synopsis>
<adm:description>
This scheme contains only an implementation for the user password
- syntax, with a storage scheme name of "CLEAR".
+ syntax, with a storage scheme name of "CLEAR". The
+ <adm:user-friendly-name />
+ should only be used if there are client applications that specifically
+ require this capability.
</adm:description>
<adm:profile name="ldap">
<ldap:object-class>
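Review bot: The sentence added to the CLEAR description tells administrators to avoid the scheme but never says why, whereas the BASE64 text in this same commit states that it "offers no real protection". I would add a sentence such as `Passwords stored with this scheme are kept in clear text and can be read by anyone who can read the password attribute, the backend files, or an export of them.` The synopsis is outside the hunk and may already cover part of this.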
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CryptPasswordStorageSchemeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CryptPasswordStorageSchemeConfiguration.xml
index 254dfba..13bc47a 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CryptPasswordStorageSchemeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CryptPasswordStorageSchemeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="crypt-password-storage-scheme"
plural-name="crypt-password-storage-schemes"
@@ -39,7 +39,15 @@
</adm:synopsis>
<adm:description>
This implementation contains only an implementation for the user
- password syntax, with a storage scheme name of "CRYPT".
+ password syntax, with a storage scheme name of "CRYPT". Even though it
+ is a one-way digest, the
+ <adm:user-friendly-name />
+ is relatively weak by today's standards. Because it supports
+ only a 12-bit salt (meaning that there are only 4096 possible ways to
+ encode a given password), it is also vulnerable to dictionary attacks.
+ You should therefore use this storage scheme only in cases where an
+ external application expects to retrieve the password and verify it
+ outside of the directory, rather than by performing an LDAP bind.
</adm:description>
<adm:profile name="ldap">
<ldap:object-class>
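Review bot: The new description ties the dictionary-attack exposure to the 12-bit salt, but a small salt mainly makes precomputed tables cheaper to build; guessing is practical because the digest itself is weak. If this scheme is the traditional DES-based crypt(3), as the 12-bit salt suggests, it also considers only the first eight characters of the password, which is worth stating because it caps the strength of anything stored this way. The final sentence can also be read as recommending that external applications retrieve the hash; `use this storage scheme only when an external application requires CRYPT-encoded values` would be less ambiguous.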
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/MD5PasswordStorageSchemeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/MD5PasswordStorageSchemeConfiguration.xml
index 29d9fd6..c09d04e 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/MD5PasswordStorageSchemeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/MD5PasswordStorageSchemeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="md5-password-storage-scheme"
plural-name="md5-password-storage-schemes"
@@ -35,11 +35,20 @@
The
<adm:user-friendly-name />
provides a mechanism for encoding user passwords using an unsalted
- form of the MD5 message digest algorithm.
+ form of the MD5 message digest algorithm. Because the implementation
+ does not use any kind of salting mechanism, a given password always
+ has the same encoded form.
</adm:synopsis>
<adm:description>
This scheme contains only an implementation for the user password
- syntax, with a storage scheme name of "MD5".
+ syntax, with a storage scheme name of "MD5". Although the MD5 digest
+ algorithm is relatively secure, recent cryptanalysis work has
+ identified mechanisms for generating MD5 collisions. This does not
+ impact the security of this algorithm as it is used in OpenDS, but it
+ is recommended that the MD5 password storage scheme only be used if
+ client applications require it for compatibility purposes, and that a
+ stronger digest like SSHA or SSHA256 be used for environments in which
+ MD5 support is not required.
</adm:description>
<adm:profile name="ldap">
<ldap:object-class>
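Review bot: The description calls MD5 `relatively secure` and then discusses collisions, which steers the reader away from the property that matters for stored passwords. The synopsis in this hunk already says that a given password always has the same encoded form, but the description never draws the consequence: identical passwords are visible as identical values, and a fast unsalted digest is exposed to precomputed tables and cheap offline guessing. I would keep the statement that collisions do not affect this use, drop `relatively secure`, and add `Because the digest is unsalted and fast to compute, encoded values are exposed to precomputed-table and offline guessing attacks if the password attribute is disclosed.`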
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/NetworkGroupConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/NetworkGroupConfiguration.xml
index f2227d3..f4f78b2 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/NetworkGroupConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/NetworkGroupConfiguration.xml
@@ -49,7 +49,7 @@
is enabled for use in the server.
</adm:synopsis>
<adm:description>
- If a network group is not enabled, then its workflows will not be
+ If a network group is not enabled, its workflows will not be
accessible when processing operations.
</adm:description>
<adm:syntax>
@@ -64,13 +64,13 @@
<adm:property name="network-group-id" mandatory="true"
read-only="true">
<adm:synopsis>
- Provides a name that will be used to identify the associated
+ Specifies the name that is used to identify the associated
<adm:user-friendly-name />
.
</adm:synopsis>
<adm:description>
- The name must be unique among all
- <adm:user-friendly-name />
+ The name must be unique among all the
+ <adm:user-friendly-plural-name />
in the server.
</adm:description>
<adm:syntax>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordGeneratorConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordGeneratorConfiguration.xml
index 812da73..19672f0 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordGeneratorConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordGeneratorConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="password-generator"
plural-name="password-generators"
@@ -36,6 +36,14 @@
are used by the password modify extended operation to construct a
new password for the user.
</adm:synopsis>
+ <adm:description>
+ The server allows any number of password validators to be defined.
+ This can impose any kinds of restrictions on the characteristics
+ of valid passwords. Therefore, it is not feasible for the server
+ to attempt to generate a password on its own that will meet all
+ the requirements of all the validators. The password generator
+ makes it possible to provide custom logic for creating a new password.
+ </adm:description>
<adm:tag name="user-management" />
<adm:profile name="ldap">
<ldap:object-class>
@@ -48,7 +56,7 @@
</adm:profile>
<adm:property name="enabled" mandatory="true">
<adm:synopsis>
- Indicate whether the
+ Indicates whether the
<adm:user-friendly-name />
is enabled for use.
</adm:synopsis>
@@ -63,7 +71,7 @@
</adm:property>
<adm:property name="java-class" mandatory="true">
<adm:synopsis>
- The fully-qualified name of the Java class that provides the
+ Specifies the fully-qualified name of the Java class that provides the
<adm:user-friendly-name />
implementation.
</adm:synopsis>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml
index 4919851..2fc11ce 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml
@@ -30,7 +30,8 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- Define a number of password management rules, as well as
+ <adm:user-friendly-plural-name />
+ define a number of password management rules, as well as
requirements for authentication processing.
</adm:synopsis>
<adm:tag name="user-management" />
@@ -60,8 +61,8 @@
<adm:property name="default-password-storage-scheme" mandatory="true"
multi-valued="true">
<adm:synopsis>
- Specifies the names of the the password storage schemes that will
- be used to encode clear-text passwords for this password policy.
+ Specifies the names of the password storage schemes that are used
+ to encode clear-text passwords for this password policy.
</adm:synopsis>
<adm:syntax>
<adm:aggregation relation-name="password-storage-scheme"
@@ -85,14 +86,14 @@
<adm:property name="deprecated-password-storage-scheme"
multi-valued="true">
<adm:synopsis>
- Specifies the names of the password storage schemes that will be
+ Specifies the names of the password storage schemes that are
considered deprecated for this password policy.
</adm:synopsis>
<adm:description>
If a user with this password policy authenticates to the server
- and his/her password is encoded with any deprecated schemes, then
- those values will be removed and replaced with values encoded
- using the default password storage scheme(s).
+ and his/her password is encoded with a deprecated scheme, those
+ values are removed and replaced with values encoded using the
+ default password storage scheme(s).
</adm:description>
<adm:default-behavior>
<adm:undefined />
@@ -118,9 +119,13 @@
</adm:property>
<adm:property name="password-validator" multi-valued="true">
<adm:synopsis>
- Specifies the names of the password validators that should be used
+ Specifies the names of the password validators that are used
with the associated password storage scheme.
</adm:synopsis>
+ <adm:description>
+ The password validators are invoked when a user attempts to provide
+ a new password, to determine whether the new password is acceptable.
+ </adm:description>
<adm:default-behavior>
<adm:undefined />
</adm:default-behavior>
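Review bot: `with the associated password storage scheme` on the context line of this synopsis looks like a copy-and-paste slip. The property belongs to the password policy, and the `password-generator` synopsis later in this file says `with the associated password policy`. The same phrase is carried into the new line of the account status notification handler synopsis in the next hunk. Since both sentences are being reworded anyway, I would change them to `with the associated password policy`.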
@@ -147,7 +152,7 @@
multi-valued="true">
<adm:synopsis>
Specifies the names of the account status notification handlers
- that should be used with the associated password storage scheme.
+ that are used with the associated password storage scheme.
</adm:synopsis>
<adm:default-behavior>
<adm:undefined />
@@ -177,12 +182,12 @@
</adm:property>
<adm:property name="allow-user-password-changes">
<adm:synopsis>
- Indicates whether users will be allowed to change their own
+ Indicates whether users can change their own
passwords.
</adm:synopsis>
<adm:description>
- This check is made in addition to access control evaluation, and
- therefore both must allow the password change for it to occur.
+ This check is made in addition to access control evaluation.
+ Both must allow the password change for it to occur.
</adm:description>
<adm:default-behavior>
<adm:defined>
@@ -200,9 +205,9 @@
</adm:property>
<adm:property name="password-change-requires-current-password">
<adm:synopsis>
- Indicates whether user password changes will be required to use
- the password modify extended operation and include the user's
- current password before the change will be allowed.
+ Indicates whether user password changes must use
+ the password modify extended operation and must include the user's
+ current password before the change is allowed.
</adm:synopsis>
<adm:default-behavior>
<adm:defined>
@@ -222,7 +227,7 @@
</adm:property>
<adm:property name="force-change-on-add">
<adm:synopsis>
- Indicates whether users will be forced to change their passwords
+ Indicates whether users are forced to change their passwords
upon first authenticating to the Directory Server after their
account has been created.
</adm:synopsis>
@@ -242,12 +247,12 @@
</adm:property>
<adm:property name="force-change-on-reset">
<adm:synopsis>
- Indicates whether users will be forced to change their passwords
+ Indicates whether users are forced to change their passwords
if they are reset by an administrator.
</adm:synopsis>
<adm:description>
For this purpose, anyone with permission to change a given user's
- password other than that user will be considered an administrator.
+ password other than that user is considered an administrator.
</adm:description>
<adm:default-behavior>
<adm:defined>
@@ -266,8 +271,8 @@
<adm:property name="skip-validation-for-administrators"
advanced="true">
<adm:synopsis>
- Indicates whether passwords set by administrators will be allowed
- to bypass the password validation process that will be required
+ Indicates whether passwords set by administrators are allowed
+ to bypass the password validation process that is required
for user password changes.
</adm:synopsis>
<adm:default-behavior>
@@ -286,11 +291,11 @@
</adm:property>
<adm:property name="password-generator">
<adm:synopsis>
- Specifies the name of the password generator that should be used
+ Specifies the name of the password generator that is used
with the associated password policy.
</adm:synopsis>
<adm:description>
- This will be used in conjunction with the password modify extended
+ This is used in conjunction with the password modify extended
operation to generate a new password for a user when none was
provided in the request.
</adm:description>
@@ -318,11 +323,11 @@
</adm:property>
<adm:property name="require-secure-authentication">
<adm:synopsis>
- Indicates whether users with the associated password policy will
- be required to authenticate in a secure manner.
+ Indicates whether users with the associated password policy are
+ required to authenticate in a secure manner.
</adm:synopsis>
<adm:description>
- This could mean either using a secure communication channel
+ This might mean either using a secure communication channel
between the client and the server, or using a SASL mechanism that
does not expose the credentials.
</adm:description>
@@ -342,8 +347,8 @@
</adm:property>
<adm:property name="require-secure-password-changes">
<adm:synopsis>
- Indicates whether users with the associated password policy will
- be required to change their password in a secure manner that does
+ Indicates whether users with the associated password policy are
+ required to change their password in a secure manner that does
not expose the credentials.
</adm:synopsis>
<adm:default-behavior>
@@ -362,14 +367,14 @@
</adm:property>
<adm:property name="allow-multiple-password-values" advanced="true">
<adm:synopsis>
- Indicates whether user entries will be allowed to have multiple
+ Indicates whether user entries can have multiple
distinct values for the password attribute.
</adm:synopsis>
<adm:description>
This is potentially dangerous because many mechanisms used to
change the password do not work well with such a configuration. If
- multiple password values are allowed, then any of them may be used
- to authenticate, and they will all be subject to the same policy
+ multiple password values are allowed, then any of them can be used
+ to authenticate, and they are all subject to the same policy
constraints.
</adm:description>
<adm:default-behavior>
@@ -388,7 +393,7 @@
</adm:property>
<adm:property name="allow-pre-encoded-passwords" advanced="true">
<adm:synopsis>
- Indicates whether users will be allowed to change their passwords
+ Indicates whether users can change their passwords
by providing a pre-encoded value.
</adm:synopsis>
<adm:description>
@@ -412,16 +417,16 @@
</adm:property>
<adm:property name="min-password-age">
<adm:synopsis>
- Specifies the minimum length of time that must pass after a
- password change before the user will be allowed to change the
+ Specifies the minimum length of time after a
+ password change before the user is allowed to change the
password again.
</adm:synopsis>
<adm:description>
- The value of this attribute should be an integer followed by a
+ The value of this attribute is an integer followed by a
unit of seconds, minutes, hours, days, or weeks. This setting can
be used to prevent users from changing their passwords repeatedly
- over a short period of time to flush and old password from the
- history so that it may be re-used.
+ over a short period of time to flush an old password from the
+ history so that it can be re-used.
</adm:description>
<adm:default-behavior>
<adm:defined>
@@ -429,7 +434,7 @@
</adm:defined>
</adm:default-behavior>
<adm:syntax>
- <adm:duration />
+ <adm:duration lower-limit="0" upper-limit="2147483647" base-unit="s"/>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
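Review bot: Adding `lower-limit`, `upper-limit` and `base-unit` to `<adm:duration>` presumably changes which values the property accepts, which is more than the documentation change the subject line announces. The same edit is made for `max-password-age`, the duration property in the hunk after it, `lockout-duration` and `lockout-failure-expiration-interval`. I would mention the new bounds in the commit message and state them in each description, for example `The value must be between 0 and 2147483647 seconds.`, so that an administrator whose existing value is rejected can see why.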
@@ -439,14 +444,14 @@
</adm:property>
<adm:property name="max-password-age">
<adm:synopsis>
- Specifies the maximum length of time that a user may continue
- using the same password before it must be changed (i.e., the
+ Specifies the maximum length of time that a user can continue
+ using the same password before it must be changed (that is, the
password expiration interval).
</adm:synopsis>
<adm:description>
- The value of this attribute should be an integer followed by a
+ The value of this attribute is an integer followed by a
unit of seconds, minutes, hours, days, or weeks. A value of 0
- seconds will disable password expiration.
+ seconds disables password expiration.
</adm:description>
<adm:default-behavior>
<adm:defined>
@@ -454,7 +459,7 @@
</adm:defined>
</adm:default-behavior>
<adm:syntax>
- <adm:duration />
+ <adm:duration lower-limit="0" upper-limit="2147483647" base-unit="s"/>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -469,9 +474,9 @@
they become locked.
</adm:synopsis>
<adm:description>
- The value of this attribute should be an integer followed by a
+ The value of this attribute is an integer followed by a
unit of seconds, minutes, hours, days, or weeks. A value of 0
- seconds will disable this feature.
+ seconds disables this feature.
</adm:description>
<adm:default-behavior>
<adm:defined>
@@ -479,7 +484,7 @@
</adm:defined>
</adm:default-behavior>
<adm:syntax>
- <adm:duration />
+ <adm:duration lower-limit="0" upper-limit="2147483647" base-unit="s"/>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -490,13 +495,13 @@
<adm:property name="password-expiration-warning-interval">
<adm:synopsis>
Specifies the maximum length of time before a user's password
- actually expires that the server will begin to include warning
+ actually expires that the server begins to include warning
notifications in bind responses for that user.
</adm:synopsis>
<adm:description>
- The value of this attribute should be an integer followed by a
+ The value of this attribute is an integer followed by a
unit of seconds, minutes, hours, days, or weeks. A value of 0
- seconds will disable the warning interval.
+ seconds disables the warning interval.
</adm:description>
<adm:default-behavior>
<adm:defined>
@@ -516,15 +521,15 @@
</adm:property>
<adm:property name="expire-passwords-without-warning">
<adm:synopsis>
- Indicates whether the Directory Server should allow a user's
+ Indicates whether the Directory Server allows a user's
password to expire even if that user has never seen an expiration
warning notification.
</adm:synopsis>
<adm:description>
- If this setting is enabled, then accounts will always be expired
- when the expiration time arrives. If it is disabled, then the user
- will always receive at least one warning notification, and the
- password expiration will be set to the warning time plus the
+ If this property is true, accounts always expire when the
+ expiration time arrives. If this property is false disabled, the user
+ always receives at least one warning notification, and the
+ password expiration is set to the warning time plus the
warning interval.
</adm:description>
<adm:default-behavior>
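Review bot: The new description has a leftover word: `If this property is false disabled, the user` should read `If this property is false, the user`. The sentence was converted from enabled/disabled to true/false wording and `disabled` survived the edit. This text is presumably surfaced as the property's help, so the slip would show up in generated documentation.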
@@ -543,7 +548,7 @@
</adm:property>
<adm:property name="allow-expired-password-changes">
<adm:synopsis>
- Indicates whether a user whose password is expired will still be
+ Indicates whether a user whose password is expired is still
allowed to change that password using the password modify extended
operation.
</adm:synopsis>
@@ -563,12 +568,12 @@
</adm:property>
<adm:property name="grace-login-count">
<adm:synopsis>
- Specifies the number of grace logins that a user will be allowed
+ Specifies the number of grace logins that a user is allowed
after the account has expired to allow that user to choose a new
password.
</adm:synopsis>
<adm:description>
- A value of 0 indicates that no grace logins will be allowed.
+ A value of 0 indicates that no grace logins are allowed.
</adm:description>
<adm:default-behavior>
<adm:defined>
@@ -587,10 +592,10 @@
<adm:property name="lockout-failure-count">
<adm:synopsis>
Specifies the maximum number of authentication failures that a
- user should be allowed before the account is locked out.
+ user is allowed before the account is locked out.
</adm:synopsis>
<adm:description>
- A value of 0 indicates that accounts should never be locked out
+ A value of 0 indicates that accounts are never locked out
due to failed attempts.
</adm:description>
<adm:default-behavior>
@@ -599,7 +604,7 @@
</adm:defined>
</adm:default-behavior>
<adm:syntax>
- <adm:integer lower-limit="0" upper-limit="2147483647" />
+ <adm:integer lower-limit="0" upper-limit="2147483647"/>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -609,13 +614,13 @@
</adm:property>
<adm:property name="lockout-duration">
<adm:synopsis>
- Specifies the length of time that an account should be locked
+ Specifies the length of time that an account is locked
after too many authentication failures.
</adm:synopsis>
<adm:description>
- The value of this attribute should be an integer followed by a
+ The value of this attribute is an integer followed by a
unit of seconds, minutes, hours, days, or weeks. A value of 0
- seconds indicates that the account should remain locked until an
+ seconds indicates that the account must remain locked until an
administrator resets the password.
</adm:description>
<adm:default-behavior>
@@ -624,7 +629,7 @@
</adm:defined>
</adm:default-behavior>
<adm:syntax>
- <adm:duration />
+ <adm:duration lower-limit="0" upper-limit="2147483647" base-unit="s"/>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -634,15 +639,15 @@
</adm:property>
<adm:property name="lockout-failure-expiration-interval">
<adm:synopsis>
- Specifies the length of time that should pass before an
+ Specifies the length of time before an
authentication failure is no longer counted against a user for the
purposes of account lockout.
</adm:synopsis>
<adm:description>
- The value of this attribute should be an integer followed by a
+ The value of this attribute is an integer followed by a
unit of seconds, minutes, hours, days, or weeks. A value of 0
- seconds indicates that the authentication failures should never
- expire. The failure count will always be cleared upon a successful
+ seconds indicates that the authentication failures must never
+ expire. The failure count is always cleared upon a successful
authentication.
</adm:description>
<adm:default-behavior>
@@ -651,7 +656,7 @@
</adm:defined>
</adm:default-behavior>
<adm:syntax>
- <adm:duration />
+ <adm:duration lower-limit="0" upper-limit="2147483647" base-unit="s"/>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -667,10 +672,10 @@
policy must change their passwords.
</adm:synopsis>
<adm:description>
- The value should be expressed in a generalized time format. If
+ The value is expressed in a generalized time format. If
this time is equal to the current time or is in the past, then all
- users will be required to change their passwords immediately. The
- behavior of the server in this mode will be identical to the
+ users are required to change their passwords immediately. The
+ behavior of the server in this mode is identical to the
behavior observed when users are forced to change their passwords
after an administrative reset.
</adm:description>
@@ -678,7 +683,17 @@
<adm:undefined />
</adm:default-behavior>
<adm:syntax>
- <adm:string />
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ A valid timestamp in generalized time form (for example,
+ a value of "20070409185811Z" indicates a value of April 9,
+ 2007 at 6:58:11 pm GMT).
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
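Review bot: `<adm:regex>.*</adm:regex>` accepts every string, so the pattern adds a usage hint but no validation, while its synopsis promises `A valid timestamp in generalized time form`. A malformed value matters for `require-change-by-time` because the property decides when all users must change their passwords; whether the server rejects bad values elsewhere is not visible in this hunk. I would either tighten the regex to the generalized-time shape or, if the server already checks the format, say so next to it, e.g. `<!-- Format is checked by the server, not by this pattern -->`. The same `.*` pattern is added for `last-login-time-format` and `previous-last-login-time-format`, where a regex cannot realistically validate a SimpleDateFormat string and the comment is the better option.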
@@ -688,7 +703,7 @@
</adm:property>
<adm:property name="last-login-time-attribute">
<adm:synopsis>
- Specifies the name or OID of the attribute type that should be
+ Specifies the name or OID of the attribute type that is
used to hold the last login time for users with the associated
password policy.
</adm:synopsis>
@@ -712,19 +727,28 @@
</adm:property>
<adm:property name="last-login-time-format">
<adm:synopsis>
- Specifies the format string that should be used to generate the
+ Specifies the format string that is used to generate the
last login time value for users with the associated password
policy.
</adm:synopsis>
<adm:description>
- This format string should conform to the syntax described in the
+ This format string conforms to the syntax described in the
API documentation for the java.text.SimpleDateFormat class.
</adm:description>
<adm:default-behavior>
<adm:undefined />
</adm:default-behavior>
- <adm:syntax>
- <adm:string />
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ Any valid format string that can be used with the
+ java.text.SimpleDateFormat class.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -735,21 +759,30 @@
<adm:property name="previous-last-login-time-format"
multi-valued="true">
<adm:synopsis>
- Specifies the format string(s) that may have been used with the
+ Specifies the format string(s) that might have been used with the
last login time at any point in the past for users associated with
the password policy.
</adm:synopsis>
<adm:description>
These values are used to make it possible to parse previous
- values, but will not be used to set new values. These format
- strings should conform to the syntax described in the API
+ values, but are not used to set new values. The format
+ strings conform to the syntax described in the API
documentation for the java.text.SimpleDateFormat class.
</adm:description>
<adm:default-behavior>
<adm:undefined />
</adm:default-behavior>
- <adm:syntax>
- <adm:string />
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ Any valid format string that can be used with the
+ java.text.SimpleDateFormat class.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -760,14 +793,14 @@
<adm:property name="idle-lockout-interval">
<adm:synopsis>
Specifies the maximum length of time that an account may remain
- idle (i.e., the associated user does not authenticate to the
+ idle (that is, the associated user does not authenticate to the
server) before that user is locked out.
</adm:synopsis>
<adm:description>
- The value of this attribute should be an integer followed by a
+ The value of this attribute is an integer followed by a
unit of seconds, minutes, hours, days, or weeks. A value of 0
- seconds indicates that idle accounts should not automatically be
- locked out. This feature will only be available if the last login
+ seconds indicates that idle accounts are not automatically
+ locked out. This feature is available only if the last login
time is maintained.
</adm:description>
<adm:default-behavior>
@@ -776,7 +809,7 @@
</adm:defined>
</adm:default-behavior>
<adm:syntax>
- <adm:duration />
+ <adm:duration lower-limit="0" upper-limit="2147483647"/>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
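Review bot: The bounds added in `<adm:duration lower-limit="0" upper-limit="2147483647"/>` carry no unit, although the idle-lockout-interval description in the preceding hunk (this appears to be the same property) lets administrators enter seconds, minutes, hours, days, or weeks. 2147483647 looks like the signed 32-bit maximum, which guards against overflow only if the limit is compared in the unit the server stores, presumably seconds. Stating the unit would make that visible, e.g. `<adm:duration base-unit="s" lower-limit="0" upper-limit="2147483647"/>`, after confirming the base unit the password policy code expects. The property element starts and ends outside this hunk.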
@@ -786,19 +819,20 @@
</adm:property>
<adm:property name="state-update-failure-policy" advanced="true">
<adm:synopsis>
- Specifies how the server should deal with the inability to update
+ Specifies how the server deals with the inability to update
password policy state information during an authentication
attempt.
</adm:synopsis>
<adm:description>
- In particular, it may be used to control whether an otherwise
- successful bind operation should fail if a failure occurs while
- attempting to update password policy state information (e.g., to
+ In particular, this property can be used to control whether an otherwise
+ successful bind operation fails if a failure occurs while
+ attempting to update password policy state information (for example, to
clear a record of previous authentication failures or to update
- the last login time), or even whether to reject a bind request if
- it is known ahead of time that it will not be possible to update
- the authentication failure times in the event of an unsuccessful
- bind attempt (e.g., if the backend writability mode is disabled).
+ the last login time). It can also be used to control whether to
+ reject a bind request if it is known ahead of time that it will not be
+ possible to update the authentication failure times in the event of an
+ unsuccessful bind attempt (for example, if the backend writability mode
+ is disabled).
</adm:description>
<adm:default-behavior>
<adm:defined>
@@ -842,7 +876,7 @@
the password history.
</adm:synopsis>
<adm:description>
- When choosing a new password, the proposed password will be
+ When choosing a new password, the proposed password is
checked to ensure that it does not match the current password, nor
any other password in the history list. A value of zero indicates
that either no password history is to be maintained (if the
@@ -867,11 +901,11 @@
</adm:property>
<adm:property name="password-history-duration">
<adm:synopsis>
- Specifies the maximum length of time that passwords should remain
+ Specifies the maximum length of time that passwords remain
in the password history.
</adm:synopsis>
<adm:description>
- When choosing a new password, the proposed password will be
+ When choosing a new password, the proposed password is
checked to ensure that it does not match the current password, nor
any other password in the history list. A value of zero seconds
indicates that either no password history is to be maintained (if
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordStorageSchemeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordStorageSchemeConfiguration.xml
index b79f9ab..f5eb5e5 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordStorageSchemeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordStorageSchemeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="password-storage-scheme"
plural-name="password-storage-schemes"
@@ -32,9 +32,16 @@
xmlns:ldap="http://www.opends.org/admin-ldap"
xmlns:cli="http://www.opends.org/admin-cli">
<adm:synopsis>
- <adm:user-friendly-name />
- defines a module that implements a password storage scheme.
+ <adm:user-friendly-plural-name />
+ encode new passwords provided by users so that they are stored in an
+ encoded manner. This makes it difficult or impossible for someone to
+ determine the clear-text passwords from the encoded values.
</adm:synopsis>
+ <adm:description>
+ <adm:user-friendly-plural-name />
+ also determine whether a clear-text password provided by a client
+ matches the encoded value stored in the server.
+ </adm:description>
<adm:tag name="user-management" />
<adm:profile name="ldap">
<ldap:object-class>
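Review bot: The new synopsis sentence "This makes it difficult or impossible for someone to determine the clear-text passwords from the encoded values" is stated for every password storage scheme. This commit also touches the Clear, Base64 and reversible cipher schemes (AES, Blowfish, RC4, TripleDES), for which it does not hold. An administrator reading the generic text could choose any scheme assuming one-way protection. I would qualify it, for example `For one-way schemes, this makes it difficult or impossible for someone to determine the clear-text passwords from the encoded values.`, and add a sentence that clear-text, Base64 and reversible schemes do not give that protection. The managed-object element continues outside the hunk.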
@@ -47,7 +54,7 @@
</adm:profile>
<adm:property name="enabled" mandatory="true">
<adm:synopsis>
- Indicate whether the
+ Indicates whether the
<adm:user-friendly-name />
is enabled for use.
</adm:synopsis>
@@ -62,7 +69,7 @@
</adm:property>
<adm:property name="java-class" mandatory="true">
<adm:synopsis>
- The fully-qualified name of the Java class that provides the
+ Specifies the fully-qualified name of the Java class that provides the
<adm:user-friendly-name />
implementation.
</adm:synopsis>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RC4PasswordStorageSchemeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RC4PasswordStorageSchemeConfiguration.xml
index 8b0ecbb..3ecca64 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RC4PasswordStorageSchemeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RC4PasswordStorageSchemeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="rc4-password-storage-scheme"
plural-name="rc4-password-storage-schemes"
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RandomPasswordGeneratorConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RandomPasswordGeneratorConfiguration.xml
index ffaa2cf..ef4fca3 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RandomPasswordGeneratorConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RandomPasswordGeneratorConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="random-password-generator"
plural-name="random-password-generators"
@@ -33,7 +33,7 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to generate a random passwords based on fixed-length strings
+ creates random passwords based on fixed-length strings
built from one or more character sets.
</adm:synopsis>
<adm:profile name="ldap">
@@ -57,17 +57,26 @@
Specifies one or more named character sets.
</adm:synopsis>
<adm:description>
- Specifies one or more named character sets. This is a multi-valued
- attribute, with each value defining a different character set. The
- format of the character set is the name of the set followed by a
- colon and the characters that should be in that set. For example,
- the value "alpha:abcdefghijklmnopqrstuvwxyz" would define a
+ This is a multi-valued property, with each value defining a different
+ character set. The format of the character set is the name of the set
+ followed by a colon and the characters that are in that set.
+ For example, the value "alpha:abcdefghijklmnopqrstuvwxyz" defines a
character set named "alpha" containing all of the lower-case ASCII
alphabetic characters.
</adm:description>
<adm:syntax>
- <adm:string />
- </adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>FORMAT</adm:usage>
+ <adm:synopsis>
+ A character set name (consisting of ASCII letters) followed by
+ a colon and the set of characters that are included in that
+ character set.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-password-character-set</ldap:name>
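Review bot: The pattern added for password-character-set uses `<adm:regex>.*</adm:regex>`, so a value with no name or no colon passes configuration validation even though the synopsis describes a name of ASCII letters, a colon and the characters in the set. That syntax can be expressed directly, e.g. `<adm:regex>[A-Za-z]+:.+</adm:regex>`, provided it matches what the generator's parser accepts (not visible here). The next hunk does the same for password-format, where `[A-Za-z]+:[1-9][0-9]*(,[A-Za-z]+:[1-9][0-9]*)*` would express the described comma-delimited list. Rejecting malformed values at configuration time stops a typo from leaving password generation misconfigured until the generator is first used.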
@@ -79,19 +88,28 @@
Specifies the format to use for the generated password.
</adm:synopsis>
<adm:description>
- Specifies the format to use for the generated password. The value
- is a comma-delimited list of elements in which each of those
+ The value is a comma-delimited list of elements in which each of those
elements is comprised of the name of a character set defined in
the password-character-set property, a colon, and the number of
characters to include from that set. For example, a value of
- "alpha:3,numeric:2,alpha:3" would generate an 8-character password
+ "alpha:3,numeric:2,alpha:3" generates an 8-character password
in which the first three characters are from the "alpha" set, the
next two are from the "numeric" set, and the final three are from
the "alpha" set.
</adm:description>
<adm:syntax>
- <adm:string />
- </adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>FORMAT</adm:usage>
+ <adm:synopsis>
+ A comma-delimited list whose elements comprise a valid character
+ set name, a colon, and a positive integer indicating the number
+ of characters from that set to be included.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-password-format</ldap:name>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SHA1PasswordStorageSchemeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SHA1PasswordStorageSchemeConfiguration.xml
index 6e8abea..e19005b 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SHA1PasswordStorageSchemeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SHA1PasswordStorageSchemeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="sha1-password-storage-scheme"
plural-name="sha1-password-storage-schemes"
@@ -35,7 +35,9 @@
The
<adm:user-friendly-name />
provides a mechanism for encoding user passwords using an unsalted
- form of the SHA-1 message digest algorithm.
+ form of the SHA-1 message digest algorithm. Because the implementation
+ does not use any kind of salting mechanism, a given password always has
+ the same encoded form.
</adm:synopsis>
<adm:description>
This scheme contains only an implementation for the user password
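Review bot: The sentence added to the synopsis says an unsalted SHA-1 password always has the same encoded form, but it stops before the consequence or a recommendation. Identical encodings reveal which users share a password, and precomputed lookup tables apply to every entry at once. The SaltedMD5 description changed in this same commit already points readers to SSHA or SSHA256. A parallel sentence here would keep the two consistent, such as `It is recommended that a salted scheme like SSHA or SSHA256 be used unless client applications require unsalted SHA-1.`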
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedMD5PasswordStorageSchemeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedMD5PasswordStorageSchemeConfiguration.xml
index 764cbf2..d6f4fc2 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedMD5PasswordStorageSchemeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedMD5PasswordStorageSchemeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="salted-md5-password-storage-scheme"
plural-name="salted-md5-password-storage-schemes"
@@ -40,7 +40,14 @@
<adm:description>
This scheme contains an implementation for the user password syntax,
with a storage scheme name of "SMD5", and an implementation of the
- auth password syntax, with a storage scheme name of "MD5".
+ auth password syntax, with a storage scheme name of "MD5". Although the
+ MD5 digest algorithm is relatively secure, recent cryptanalysis work has
+ identified mechanisms for generating MD5 collisions. This does not
+ impact the security of this algorithm as it is used in OpenDS, but it
+ is recommended that the MD5 password storage scheme only be used if
+ client applications require it for compatibility purposes, and that a
+ stronger digest like SSHA or SSHA256 be used for environments in which
+ MD5 support is not required.
</adm:description>
<adm:profile name="ldap">
<ldap:object-class>
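Review bot: The added text recommends restricting "the MD5 password storage scheme", but this file defines the salted MD5 scheme (storage scheme name "SMD5"), so the paragraph reads as if it was carried over from the unsalted MD5 definition; `this scheme` would be accurate. The argument also rests on MD5 collisions, which the text itself says do not affect this use. What an administrator more likely needs to know is that a fast digest makes offline guessing of stolen values cheap even when salted. One hedged sentence to that effect would support the recommendation better than the collision remark. The description element begins outside the hunk.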
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedSHA1PasswordStorageSchemeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedSHA1PasswordStorageSchemeConfiguration.xml
index 26677b1..dfaca31 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedSHA1PasswordStorageSchemeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedSHA1PasswordStorageSchemeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="salted-sha1-password-storage-scheme"
plural-name="salted-sha1-password-storage-schemes"
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedSHA256PasswordStorageSchemeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedSHA256PasswordStorageSchemeConfiguration.xml
index 1df7720..84aa107 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedSHA256PasswordStorageSchemeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedSHA256PasswordStorageSchemeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="salted-sha256-password-storage-scheme"
plural-name="salted-sha256-password-storage-schemes"
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedSHA384PasswordStorageSchemeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedSHA384PasswordStorageSchemeConfiguration.xml
index 0a91be0..42ff7ab 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedSHA384PasswordStorageSchemeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedSHA384PasswordStorageSchemeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="salted-sha384-password-storage-scheme"
plural-name="salted-sha384-password-storage-schemes"
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedSHA512PasswordStorageSchemeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedSHA512PasswordStorageSchemeConfiguration.xml
index 655cbcb..81d342f 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedSHA512PasswordStorageSchemeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SaltedSHA512PasswordStorageSchemeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="salted-sha512-password-storage-scheme"
plural-name="salted-sha512-password-storage-schemes"
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/TripleDESPasswordStorageSchemeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/TripleDESPasswordStorageSchemeConfiguration.xml
index 1ebeb85..170c721 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/TripleDESPasswordStorageSchemeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/TripleDESPasswordStorageSchemeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="triple-des-password-storage-scheme"
plural-name="triple-des-password-storage-schemes"
--
Gitblit v1.10.0